Forum Discussion

lcarico5_53817's avatar
lcarico5_53817
Icon for Nimbostratus rankNimbostratus
May 20, 2011

Restricting Access to Specific URI Mappings

I have external access to specific Sharepoint sites and restrict access to only those sites I allow. I'm also converting from WAF Apache rules to iRules on new ASM/LTMs. Soliciting suggestions as to the optimal method or iRule to accomplish this task. I would prefer to not use the entire proxypass iRule for the task. Below is a sanitized snippet from my mod_proxy rule that does this:

 

 

SharePoint Web Application baseline mappings

 

ProxyPass /favicon.ico http://sharepoint.xyz.com/favicon.ico

 

ProxyPass /_layouts/ http://sharepoint.xyz.com/_layouts/

 

ProxyPassReverse / http://sharepoint.xyz.com/

 

 

Individual SharePoint site mappings

 

ProxyPass /sites/defg/hij http://sharepoint.xyz.com/sites/defg/hij

 

ProxyPass /sites/klmn http://sharepoint.xyz.com/sites/klmn

 

ProxyPass /sites/opq http://sharepoint.xyz.com/sites/opq

 

ProxyPass /sites/rstu http://sharepoint.xyz.com/sites/rstu

 

ProxyPass /sites/vwxy http://sharepoint.xyz.com/sites/vwxy

 

ProxyPass /sites/zab http://sharepoint.xyz.com/sites/zab

 

 

Version 10.2.1.

 

Thanks!
application delivery
dev
devops
iRules

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 23, 2011
    Can you use Sharepoint's Alternate Access Mappings for this? That would be the simplest method for converting external URIs to internal URIs.

     

     

    For restricting access to specific URIs, you can use ASM. iRules cannot provide the level of normalization that ASM does natively. You'd want to configure the specific URIs that users should be able to access as URLs in the ASM policy.

     

     

    Aaron
  • lcarico5_53817's avatar
    lcarico5_53817
    Icon for Nimbostratus rankNimbostratus
    May 23, 2011
    Thanks for the reply Aaron.

     

    I appreciate your expertise in these areas and your willingness to share and help out in this forum.

     

    I'll look at using the ASM policies to accomplish this.