Forum Discussion
SharePoint 2013 Office Web Apps and APM
- Feb 10, 2015
Hi JDL, if you want to protect Web Apps with APM, you need to colocate it with the SharePoint virtual server and make sure the Web Apps FQDN is included in the list when you deploy the iApp (that will add it to the multi-domains list in the APM profile). If you are doing a separate virtual server, it shouldn't have an APM policy assigned.
Hi JDL, I am actually having issues with the OWA server when it calls sharepoint.company.com. Since it isn't a user it can't complete the SSO.
What I was trying, which worked on every request after the first one:
when HTTP_REQUEST {
if { [string tolower [HTTP::host]] contains "owa.company.com" } {
pool OWA-pool
} else {
if { [IP::addr [IP::client_addr] equals OWA-pool-member] } {
ACCESS::disable
}
pool SP13-pool
persist none
}
}
It was as if it had to go through once to have ACCESS disabled and then it was right after that. I flipped the logic to be ACCESS::disable at the start and then enable for everything that isn't the OWA-pool-member, and this WORKS. Not sure that is good practice though.
when HTTP_REQUEST {
ACCESS::disable
if { [string tolower [HTTP::host]] contains "owa.company.com" } {
pool OWA-pool
} else {
if { [IP::client_addr] != "OWA-pool-member" } {
ACCESS::enable
}
pool SP13-pool
persist none
}
}
I'd probably rather have an iRule more like my first one that just disables when the OWA-pool-member hits SP but it doesn't work in its current form. I was thinking of adding a redirect back to the same URI after the ACCESS::disable (to simulate the second try, which works) but need an IF statement in there to check, IF ACCESS already been disabled once, don't redirect again.
I might play with that some more, I was trying to use "ACCESS::session data get" but without success. I suppose I could set a cookie on the first pass and remove it if it exists on the second pass, just to prove my thinking.
Cheers
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com