MS Exchange Active Sync Device Auth
Problem this snippet solves:
Compares the DeviceID of the client against a Data Group list, (useful for centralized management of devices)
Code :
when HTTP_REQUEST { # Apply DeviceID restriction to all ActiveSync directory traffic if {[HTTP::path] == "/Microsoft-Server-ActiveSync"} { # Determine whether connection is Base64 encoded, (Windows Phone) and if necessary begin decoding process set string_b64encoded [HTTP::query] if {[catch {b64decode $string_b64encoded} string_b64decoded] == 0 and $string_b64decoded ne ""} { binary scan $string_b64decoded x4H2 IDlenHEX scan $IDlenHEX %x IDlenDEC set IDlen [expr "$IDlenDEC * 2"] binary scan $string_b64decoded x5H$IDlen HEXdeviceID set string_sentid [string toupper $HEXdeviceID] } else { set string_sentid [string toupper [URI::query [HTTP::uri]]] } # compare deviceID presented in HTTP::query with BigIP Data Group List - 'devices' if {[class match $string_sentid contains devices]} { log local0.info "Successful login with deviceID: $string_sentid" } else { log local0.info "Failed login with deviceID: $string_sentid" ACCESS::session remove } } }
- Stanislas_Piro2Cumulonimbus
Hi,
I tried to use this irule and I have two problems:
-
Line 15, the deviceID is not the full query string but the deviceID parameter:
set string_sentid [URI::query [string toupper [HTTP::uri]] DEVICEID]
-
for some devices (I tried with iPhone mail) the first request is with method OPTIONS and without query string. did you have this issue, and did you solve it?
-
- elena_albertiNimbostratus
Hello, what about the iphone: for some devices (I tried with iPhone mail) the first request is with method OPTIONS and without query string. did you have this issue, and did you solve it?
I'm encountering this issue cause irule is not working only for iphone. I can see request without the query!
How can I solve? THanks a lot BR Elena