Exchange 2010 & F5

Question

I have a iRule to block access of OWA from outside of our enviroment using the below code.&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;    HTTP::enable
&nbsp;    if {[string tolower [HTTP::uri]] eq "/owa" } {
&nbsp;        HTTP::respond 401
&nbsp;    }
&nbsp;}&nbsp;
&nbsp;What we are seeing is repeated login screens.  What we would like to see is a unauthorized or unavailable error message come up.  What do I need to change to get a error message to pop up.  F5s are running 10.2.3 OS.&nbsp;&nbsp;&nbsp;

michael_yates · Answer

Hi Mike, 
&nbsp;  
&nbsp; A 401 is "The requested page needs a username and a password." You could either return a page from the Load Balancer, redirect the traffic to a different location, or change your status code to a 403. 
&nbsp;  
&nbsp; Hope this helps.

hooleylist · Answer

As Michael said, you could use a 403 for this to indicate the request will never be allowed.  A 401 indicates the app wants the user to present credentials for the request. 
  
 You could check for a URI which starts with /owa instead of matching /owa exactly.  And you shouldn't need to call HTTP::enable unless you're disabling the HTTP filter elsewhere with HTTP::disable:

when HTTP_REQUEST {
   if {[string tolower [HTTP::uri]] starts_with "/owa"}{
     HTTP::respond 403 content {Blocked!}
   }
}

Aaron

Forum Discussion

Exchange 2010 & F5

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Microsoft Exchange 2010 and 2013 iApp Template

Health Monitors for Exchange 2010

Exchange 2016

MS Exchange ProxyNotShell block implemented via iRules

Microsoft Exchange 2010 iRule Workflow Visualized