NimbostratusIE choking on exchange iRule
Hello community,
Bit of a strange issue, and it's most probably an IE bug but I was wondering if anyone had tips on how to mitigate by tweaking the iRule in the Exchange 2013 iApp. We can't reproduce the problem on other browsers (tested FF, Chrome and Safari), the problem, ironicly is only with IE:
We're protecting unauthorised access to /ECP. That part works. The problem arises when in the ECP and a user wants to at/change a messagebox rule. This opens up a popup. On IE, the pop up contains the error page, whereas it works with other browsers.
Here the iRule code:
when HTTP_REQUEST {
if { [HTTP::uri] contains "/ecp" } {
s
et response "
EAC Access Denied
We are sorry, but access to the Exchange
Administration Center is restricted to approved client IP addresses. Your IP address, [IP::client_addr], is not
approved.
"
if { [HTTP::header exists "Referer"] } {
if { [HTTP::header "Referer"] contains "rfr=owa" } {
pool
my_iapp_2013_owa_pool
}
} elseif { [class match [IP::client_addr] equals "
trustedAddresses
"]} {
pool
my_iapp_2013_owa_pool
} else {
HTTP::respond 200 content $response
}
unset response
}
}
Hi laerm, the popup isn's using the referer header that we key on to tell us that the request came from OWA instead of EAC. Try modifying your rule to include the URL for the rule editor:
when HTTP_REQUEST { if { [string tolower [HTTP::uri]] contains "/ecp" } { set response "EAC Access Denied We are sorry, but access to the Exchange Administration Center is restricted to approved client IP addresses. Your IP address, [IP::client_addr], is not approved." if { [HTTP::header exists "Referer"] } { if {[HTTP::header "Referer"] contains "rfr=owa" } { pool my_owa_pool } } elseif {[string tolower [HTTP::uri]] contains "/ruleseditor/editinboxrule.aspx" || [class match [IP::client_addr] equals "exchange_2013_trustedAddresses"]} { pool my_owa_pool } else { HTTP::respond 200 content $response } unset response } }
