Trying to block users from using Outlook mobile app

Question

During our 365 migration, a few users have had issues with accounts locking out. We have F5 running as a load balancer and I can see bad sessions come in from the Outlook mobile app. Trying to delete the account off the user's mobile device does not fix the issue. I want to drop any sessions for the Outlook app for these users. I am very new to F5 and don't have much experience with the iRules. I created an iRule group with the usernames of these users called OutlookAppUsers and have the following iRule:

when HTTP_REQUEST {

if { [class match [HTTP::header "User-Agent"] contains "Outlook-iOS-Android"] and [class match [HTTP::username] contains OutlookAppUsers] }

{

drop

}

Not surprised that it didn't work. Just looking for some guidance. Thank you.

peterwaz · Answer

For future reference, I figured out my issues with this. First, I changed the first part of the IF statement to [class match [HTTP::header "User-Agent"] contains OutlokApp] and created a group with the possible iterations of the Outlook App header. I then also realized that I did not add the rule to a virtual server, so it was never running. Once I did both, the rule worked.

Forum Discussion

Trying to block users from using Outlook mobile app

Recent Discussions

XC Bot defense question

Big-IP not recognized by Big-IQ

UCS backup not loading Big IP DNS pool

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Protecting Your Native Mobile Apps with F5 XC Mobile App Shield

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK

Outlook NTL Authentication

Soldier Arrested, Crypto Malware, Wash. St. Sues T-Mobile, US Treasury Breach, LDAPNightmare PoC

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS