cancel
Showing results for 
Search instead for 
Did you mean: 
Michael_England
Nimbostratus
Nimbostratus

Problem this snippet solves:

This is an updated version of the iRule to restrict access to the Exchange Administrative Center (EAC) for Exchange 2013 to certain IPs. Our issue was that we still needed aspects of OWA to be available externally for our users and they share the same URI with the EAC. We created an address list (exchange_2013_eac_trusted_addresses) for the IPs and subnets we wanted to allow as well as a string list for the URIs that needed to be accessible for end users (exchange_2013_eac_trusted_uri)

  • String List - exchange_2013_eac_trusted_uri
  • /ecp/customize/calendardiagnosticlog
  • /ecp/mygroups
  • /ecp/personalsettings
  • /ecp/ruleseditor
  • /ecp/sms
  • /ecp/teammailbox
  • /ecp/troubleshooting

Code :

when HTTP_REQUEST {
if { [HTTP::uri] contains "/ecp" } {
set response "EAC Access DeniedWe are sorry, but access to the Exchange
Administration Center is restricted to approved client IP addresses. Your IP address is not approved."
if { [HTTP::header exists "Referer"] } {
if { [HTTP::header "Referer"] contains "rfr=owa" } {
pool exchange_2013_owa_pool7
}
} elseif { [class match [IP::client_addr] equals "exchange_2013_eac_trusted_addresses"]} {
pool exchange_2013_owa_pool7
} elseif { [class match [string tolower [HTTP::uri]] starts_with "exchange_2013_eac_trusted_uri"] } {
pool exchange_2013_owa_pool7
} else {
HTTP::respond 200 content $response
}
unset response
}
}
Comments
Shann_P_160848
Nimbostratus
Nimbostratus
Where should this address list exist so that the iRule can read these? Can you show an example of this address list as well?
Version history
Last update:
‎18-Mar-2015 14:47
Updated by:
Contributors