Forum Discussion
Tony_Olson_3272
Nimbostratus
Nimbostratussplit authentication
I have a customer that wants certain traffic to the same VIP handled 2 different ways:
You have the entire URL (Ex: bobsdonuts.krispy.krm ) in pass through where we only need a subset of this in...
Heinrichm_18951
Cirrus
CirrusI recommend having a look at the Microsoft Exchange Server deployment guide. That's where I found a solution.
To get the one that is optimized for you TMOS version go to > Support > Documentation > BIG-IP LTM > Your Version Deployment Guides > Microsoft Exchange Server 2010 and 2013 (BIG-IP v11 - v13: LTM, APM, AFM)
Basically it is the following with an added layer of security.
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] equals "/xyz/eao.aspx" } {
ACCESS::disable
}
}If you do not want to have to look up the code for Exchange:
priority 1
when HTTP_REQUEST {
set is_disabled 0
switch -glob [string tolower [HTTP::path]] {
"/ews/mrsproxy.svc" -
"/ews/exchange.asmx/wssecurity" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool
}
"/autodiscover/autodiscover.svc/wssecurity" -
"/autodiscover/autodiscover.svc" {
set is_disabled 1
set path [HTTP::path]
ACCESS::disable
HTTP::path _disable-$path
pool
}
}
}
when HTTP_REQUEST_RELEASE {
if { [info exists is_disabled] && $is_disabled == 0 } { return }
if { [info exists path] } {
HTTP::path $path
unset is_disabled
unset path
}
}I can't claim to comprehend all the commands, however, it is about not giving access to more than the specified URL. One thing to note is the -glob command in the switches
-exact
Use exact matching when comparing string to a pattern. This is the default.
-glob
When matching string to the patterns, use glob-style matching (i.e. the same as implemented by the string match command).I hope this will help you on your way
