Here is what ended up working for me after identifying all the URIs I needed. Looks messy but it works.
when HTTP_REQUEST {
if {[HTTP::uri] contains "/Microsoft-Server-ActiveSync" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/owa" } {
HTTP::uri "[HTTP::uri]"
}else {
if {[HTTP::uri] contains "/ecp" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/Autodiscover" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/EWS" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/Exchange" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/Exchweb" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/OAB" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/Public" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/rpc" } {
HTTP::uri "[HTTP::uri]"
} else {
if {[HTTP::uri] contains "/RpcWithCert" } {
HTTP::uri "[HTTP::uri]"
} else {
HTTP::uri "/owa"
}
}
}
}
}
}
}
}
}
}
}
}