MS Exchange Active Sync Device Auth
Problem this snippet solves:
Compares the DeviceID of the client against a Data Group list, (useful for centralized management of devices)
Code :
when HTTP_REQUEST { # Apply DeviceID restriction to all ActiveSync directory traffic if {[HTTP::path] == "/Microsoft-Server-ActiveSync"} { # Determine whether connection is Base64 encoded, (Windows Phone) and if necessary begin decoding process set string_b64encoded [HTTP::query] if {[catch {b64decode $string_b64encoded} string_b64decoded] == 0 and $string_b64decoded ne ""} { binary scan $string_b64decoded x4H2 IDlenHEX scan $IDlenHEX %x IDlenDEC set IDlen [expr "$IDlenDEC * 2"] binary scan $string_b64decoded x5H$IDlen HEXdeviceID set string_sentid [string toupper $HEXdeviceID] } else { set string_sentid [string toupper [URI::query [HTTP::uri]]] } # compare deviceID presented in HTTP::query with BigIP Data Group List - 'devices' if {[class match $string_sentid contains devices]} { log local0.info "Successful login with deviceID: $string_sentid" } else { log local0.info "Failed login with deviceID: $string_sentid" ACCESS::session remove } } }
Published Mar 18, 2015
Version 1.0