F5 filter for Exchange
Hello, I'm a MS Exchange admin, and I don't have much knowledge about F5.
Let me try to describe my problem. We have 2 Client Access servers behind the F5 BigIP. A couple of weeks ago we started to get millions of hits for one mailbox. Regular IIS log file size were 80MB now it is over 1GB. This mailbox is not in use, I have already tried everything in Exchange to disable the access to it, but we still get POST /autodiscover/autodiscover.xml. Unfortunately this is a Mac OS machine, and every time the hits are going for a common mailbox where multiple users have access. We were not able to identify the owner, or who uses this mailbox. configuring advanced logging we have identified the IP address but it is a public external IP address.
My question is, that is there a way to limit the number of requests we get by cs-username? If we filter the IP address that works for a week or two, but when the IP changes the hits are back.
I don't really know how to address this issue.
Thank you very much in advance.