Block OWA Users Based on Domain

islam_nadim
Altocumulus

Hello All,

Is there a way to block the users accessing the OWA through the F5 using their domain?

For example, I have 2 domains: domain1.com and domain2.com. I want only users from domain1.com to be able to use OWA, but users from domain2.com to be blocked.

Is this possible on ASM/LTM level?

6 REPLIES

Hi islam.nadim,

ASM:

Security ›› Application Security ›› Headers ›› Host Names

Add host names.

Security ›› Application Security ›› Policy Building ›› Learning and Blocking Settings ›› Headers ›› Illegal host name

Enable alarm and block settings.

Save Policy

Apply Policy

LTM:

iRule:

    when HTTP_REQUEST {
        if { [HTTP::host] ne "domain1.com" } {
            drop
        }
    }

Policy:

[Screenshot: LTM policy]

Hello,

Thank you for the reply, maybe I haven't made clear exactly what I'm looking to achieve. It is not related to DNS or FQDNs. It is related to logging in to the OWA. So, if a user types <Username>@domain1.com, he can access. But if he types <Username>@domain2.com, ASM should block such traffic.

I mean, I want only <Username>@domain1.com to be working, but any other domain to be dropped showing ASM block page.

Hope this clears up what I'm looking to achieve.

Hello,

Do you have any login page in your ASM configuration?

If you deal with logging, then it is better to configure an appropriate login page.

Thanks, Ivan

Thank you Ivan, I will look into this. But does it validate the values in the field values?

It won't validate values - it will validate login results... and if your application doesn't allow login for a user from @domain2.com, then such requests will be blocked by ASM.
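
An LTM iRule can inspect the submitted username itself, which is the check the question asks for and which the ASM login page does not perform. The following is an added example, not code from any poster in this thread; it assumes OWA forms-based authentication that POSTs a URL-encoded `username` field to `/owa/auth.owa`, and the 4096-byte body limit is an arbitrary choice.

```tcl
# Added example. Assumptions: the OWA login form POSTs to /owa/auth.owa with a
# URL-encoded "username" field, and domain1.com is the only permitted domain.
when HTTP_REQUEST {
    set check_login 0
    if { [HTTP::method] eq "POST" && [string tolower [HTTP::path]] eq "/owa/auth.owa" } {
        set len [HTTP::header value "Content-Length"]
        # A login body is small. Refuse to buffer a missing, malformed or oversized one.
        if { ![string is integer -strict $len] || $len <= 0 || $len > 4096 } {
            HTTP::respond 403 content "Login rejected" "Connection" "close"
            return
        }
        set check_login 1
        HTTP::collect $len
    }
}

when HTTP_REQUEST_DATA {
    if { !$check_login } { return }
    # Treat the form body as a query string, pull out the field, then URL-decode it.
    set user [URI::decode [URI::query "?[HTTP::payload]" username]]
    set parts [split [string tolower [string trim $user]] "@"]
    # Require exactly one "@" and an exact domain match. DOMAIN\user, bare
    # account names and every other domain are refused.
    if { [llength $parts] != 2 || [lindex $parts 1] ne "domain1.com" } {
        # Log the client address only; the submitted name is untrusted input.
        log local0. "OWA login refused by domain check from [IP::client_addr]"
        HTTP::respond 403 content "Login not permitted for this domain" "Connection" "close"
        return
    }
    # Allowed domain: hand the buffered request on to the pool.
    HTTP::release
}
```

The rule only covers the forms-based login POST; clients that authenticate to Exchange by other means never reach this check.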

Jerde
Nimbostratus

I have seen some products capable of doing this with business Gmail accounts, but as Gmail runs business email accounts on separate domains based on MyCardStatement the business in question, that's a lot easier. Microsoft is operating all the Office365 mail services in the same external servers backing onto Azure, I believe.