Restrict Access to Exchange Administrative Center - Enhanced
Problem this snippet solves:
This is an updated version of the iRule that restricts access to the Exchange Administrative Center (EAC) for Exchange 2013 to certain IPs. Our issue was that we still needed aspects of OWA to be available externally for our users, and they share the same URI with the EAC. We created an address list (exchange_2013_eac_trusted_addresses) for the IPs and subnets we wanted to allow, as well as a string list (exchange_2013_eac_trusted_uri) for the URIs that needed to remain accessible to end users.
- String List - exchange_2013_eac_trusted_uri
  - /ecp/customize/calendardiagnosticlog
  - /ecp/mygroups
  - /ecp/personalsettings
  - /ecp/ruleseditor
  - /ecp/sms
  - /ecp/teammailbox
  - /ecp/troubleshooting
Code :
```tcl
when HTTP_REQUEST {
    # Lower-case once so /ECP and /ecp are handled the same way (IIS paths are case-insensitive).
    set uri [string tolower [HTTP::uri]]
    if { $uri contains "/ecp" } {
        set response "EAC Access Denied We are sorry, but access to the Exchange Administration Center is restricted to approved client IP addresses. Your IP address is not approved."
        # Single Referer test, so a Referer without rfr=owa still reaches the checks below.
        if { [HTTP::header exists "Referer"] && ([HTTP::header "Referer"] contains "rfr=owa") } {
            pool exchange_2013_owa_pool7
        } elseif { [class match [IP::client_addr] equals "exchange_2013_eac_trusted_addresses"] } {
            # Client IP is in the trusted address list.
            pool exchange_2013_owa_pool7
        } elseif { [class match $uri starts_with "exchange_2013_eac_trusted_uri"] } {
            # End-user ECP page from the string list.
            pool exchange_2013_owa_pool7
        } else {
            HTTP::respond 200 content $response
        }
        unset response
    }
    unset uri
}
```
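To check the rule's decision order offline before attaching it to a virtual server, the following added example (not part of the original snippet) models the checks in Python. The two trusted networks and the sample requests are constructed values; the URI prefixes are the page's string list; the model assumes case-insensitive URI matching and that a Referer without rfr=owa falls through to the address and URI checks.

```python
import ipaddress

# Constructed sample networks (assumption); on the BIG-IP these are the
# records of the address list exchange_2013_eac_trusted_addresses.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.10/32")]

# The page's string list exchange_2013_eac_trusted_uri.
TRUSTED_URI_PREFIXES = (
    "/ecp/customize/calendardiagnosticlog", "/ecp/mygroups",
    "/ecp/personalsettings", "/ecp/ruleseditor", "/ecp/sms",
    "/ecp/teammailbox", "/ecp/troubleshooting",
)

def decide(client_ip, uri, referer=None):
    """Return (action, reason) for one request, in the iRule's check order."""
    path = uri.lower()                        # string tolower [HTTP::uri]
    if "/ecp" not in path:
        return ("pass", "not ECP")            # rule leaves the request alone
    if referer is not None and "rfr=owa" in referer:
        # Referer is a client-supplied header, not an authenticated value.
        return ("allow", "referer")
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in TRUSTED_NETS):
        return ("allow", "trusted address")   # class match ... equals
    if path.startswith(TRUSTED_URI_PREFIXES):
        return ("allow", "trusted uri")       # class match ... starts_with
    return ("deny", "no match")               # HTTP::respond with the denial page

# Constructed requests: (client_ip, uri, referer).
SAMPLES = [
    ("203.0.113.7", "/owa/", None),
    ("203.0.113.7", "/ecp/", None),
    ("203.0.113.7", "/ECP/default.aspx", None),
    ("203.0.113.7", "/ecp/PersonalSettings/Password.aspx", None),
    ("192.0.2.44", "/ecp/", None),
    ("203.0.113.7", "/ecp/", "https://mail.example.com/owa/"),
    ("203.0.113.7", "/ecp/", "https://mail.example.com/ecp/?rfr=owa"),
]

def run_samples():
    """Evaluate every constructed request and return the decisions in order."""
    return [decide(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample, "->", result)
```
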
Published Mar 18, 2015
Version 1.0
Michael_England
Nimbostratus
Joined May 03, 2013
- Shann_P_160848 (Nimbostratus): Where should this address list exist so that the iRule can read these? Can you show an example of this address list as well?