Forum Discussion
16 Replies
Sort By
Added a new irule, I was hoping to display this page after the user is authenticated via the apm. Any thought's?
Thanks in advance. Josh
priority 899 when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] { "/ecp*" { Respond with a splash page with redirection. HTTP::respond 200 content { External ECP Access Disabled External Exchange Control Pannel (ECP) We are sorry, for security reasons external ECP access is disabled. To return click } } } }
- JGCumulonimbus
priority 899 when HTTP_REQUEST { Bar admin access: if { [HTTP::uri] starts_with "/ecp/?ExchClientVer=15" } { HTTP::respond 403 content { External ECP Access Disabled External Exchange Control Pannel (ECP) We are sorry, for security reasons external ECP access is disabled. To return click } "Content-Type" "text/html" Connection close } }
[Edited]
Hi Guys,
Any comments on the EAC function of the iapp? as per the below 2 points. Are we looking at updating the deployment guide and iapp at some point or are we missing something?
"Anyway, there seems to be 2 things here: 1) The APM acl function does not work (not matching a certain string); and 2) it seems pointless to have this function from your perspective."
priority 899 when HTTP_REQUEST { Bar admin access: if { [string tolower [HTTP::uri]] starts_with "/ecp/?exch" } { Bar access from everybody: if { [HTTP::uri] starts_with "/ecp" } { HTTP::respond 403 content { External ECP Access Disabled External Exchange Control Pannel (ECP) We are sorry, for security reasons external ECP access is disabled. To return click } "Content-Type" "text/html" Connection close } }
- JGCumulonimbus
Well, you may well add the "string tolower" bit, but I should think such a URL ought to be case-sensitive. I never tested it though.
Thanks for the reply. From our testing, it showed that if you used "ecp/?exchclientver=15" or "ECP/?ExchClientVer=15" the irule would not match and grant users access.
Once all our mailboxes have been migrated to exchange 2016 we will bar all external users to the ecp directory