14-Oct-2020 05:40
Hello All,
Is there a way to block the users accessing the OWA through the F5 using their domain?
For example, I have 2 domains: domain1.com and domain2.com. I want only users from domain1.com to be able to use OWA, but users from domain2.com to be blocked.
Is this possible on ASM/LTM level?
14-Oct-2020 09:47
Hi islam.nadim,
ASM:
Security ›› Application Security ›› Headers ›› Host Names
add host names
Security ›› Application Security ›› Policy Building ›› Learning and Blocking Settings
›› Headers
›› Illegal host name
Enable alarm and block settings
Save Policy
Apply Policy
LTM:
iRule:
when HTTP_REQUEST {
    # Drop any request whose Host header is not exactly domain1.com
    if { [HTTP::host] ne "domain1.com" } {
        drop
    }
}
Policy:
15-Oct-2020 02:42 - last edited on 24-Mar-2022 02:13 by li-migration
Hello,
Thank you for the reply, maybe I haven't made clear exactly what I'm looking to achieve. It is not related to DNS or FQDNs. It is related to logging in to the OWA. So, if a user types <Username>@domain1.com, he can access. But if he types <Username>@domain2.com, ASM should block such traffic.
I mean, I want only <Username>@domain1.com to be working, but any other domain to be dropped, showing the ASM block page.
Hope this clears what I'm looking to achieve.
29-Oct-2020 15:41
Hello,
Do you have any login page in your ASM configuration?
If you deal with logging, then it is better to configure an appropriate login page.
Thanks, Ivan
19-Nov-2020 05:09
Thank you Ivan, I will look into this. But does it validate the values in the field values?
19-Nov-2020 12:41
It won't validate values - it will validate login results... and if your application doesn't allow login for a user from @domain2.com, then such requests will be blocked by ASM.
23-Nov-2020 00:46
I have seen some products capable of doing this with business Gmail accounts but it as Gmail runs business email accounts on separate domains based on MyCardStatement the business in question that's a lot easier. Microsoft is operating all the Office 365 mail services in the same external servers backing onto Azure I believe.
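
Added example, not part of any post in this thread: an LTM iRule sketch for the check the original poster describes, which inspects the username submitted to the OWA login form instead of the Host header. It assumes the Exchange default forms-based login (a POST to /owa/auth.owa with a "username" field) and a virtual server that terminates TLS; it answers with a plain 403 rather than the ASM block page, and it does not cover DOMAIN\user logins or other Exchange endpoints such as EWS or ActiveSync.

```tcl
# Added example (not from the thread). Assumed: login path /owa/auth.owa and
# form field "username" (Exchange defaults); adjust both to your deployment.
when HTTP_REQUEST {
    set check_login 0
    if { [HTTP::method] eq "POST" && [string tolower [HTTP::path]] eq "/owa/auth.owa" } {
        set len [HTTP::header value "Content-Length"]
        # A login form is small: reject missing or oversized bodies
        # instead of letting them bypass the username check.
        if { $len eq "" || ![string is integer -strict $len] || $len < 1 || $len > 4096 } {
            HTTP::respond 403 content "Login rejected" "Connection" "close"
            return
        }
        set check_login 1
        HTTP::collect $len
    }
}

when HTTP_REQUEST_DATA {
    if { !$check_login } { return }
    set allowed 0
    foreach pair [split [HTTP::payload] "&"] {
        set eq_pos [string first "=" $pair]
        if { $eq_pos < 0 } { continue }
        if { [string range $pair 0 [expr {$eq_pos - 1}]] ne "username" } { continue }
        # Decode %40 and friends, then compare case-insensitively.
        set user [string tolower [URI::decode [string range $pair [expr {$eq_pos + 1}] end]]]
        # Suffix match including the "@": user@domain1.com passes,
        # user@notdomain1.com and user@domain1.com.example do not.
        if { [string match "?*@domain1.com" $user] } {
            set allowed 1
        } else {
            # Every "username" field must match, so a duplicated
            # parameter cannot smuggle a second value past the check.
            set allowed 0
            break
        }
    }
    if { !$allowed } {
        log local0. "OWA login blocked: username not in domain1.com, client [IP::client_addr]"
        HTTP::respond 403 content "Login rejected" "Connection" "close"
    }
}
```

Requests that pass the check are released to the pool automatically when HTTP_REQUEST_DATA ends, since no further HTTP::collect is issued.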