F5user13_114603
Mar 25, 2017
Solved

iRULE to allow active sync access only for certain geolocation

Can anyone help me write an iRule to allow ActiveSync access only from certain geolocations?

 

Thanks!

 

6 Replies


  • kunjan

    You can try this:

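    when CLIENT_ACCEPTED {
        # Decide once per connection whether the client country is allowed
        set allowed 0
        if { [whereis [IP::client_addr] country] eq "SG" } {
            set allowed 1
        }
    }

    when HTTP_REQUEST {
        # Clients request /Microsoft-Server-ActiveSync, so compare in lower case
        if { [string tolower [HTTP::path]] starts_with "/microsoft-server-activesync" and $allowed == 0 } {
            HTTP::respond 403 content "Active Sync is blocked"
        }
    }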
    
    • F5user13_114603

      Thanks kunjan for the response. I will try it out and let you know.

      In the meantime, I disabled strict mode for the Exchange iApp and applied the below. Could you review and give feedback on whether this would work:

      when HTTP_REQUEST {
          switch -glob -- [string tolower [HTTP::path]] {
              "/microsoft-server-activesync*" {
                  if { [whereis [IP::client_addr] country] eq "QA" } {
                      # Allowed country: send to the ActiveSync pool
                      TCP::idletime 1800
                      pool /Common/MS_Exchange_2016.app/MS_Exchange_2016_as_pool7
                      COMPRESS::disable
                      CACHE::disable
                      return
                  } else {
                      # Any other country: drop the connection
                      drop
                  }
              }
          }
      }
      

      Thanks.
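
The following iRule is an added example, not code from any poster in this thread. It generalizes the single-country check above to a list of allowed countries and logs each rejected request; the data group name `activesync_allowed_countries` is hypothetical and is assumed to be a string data group of two-letter country codes such as "SG" and "QA".

```tcl
# Added example. Assumes a string data group named
# activesync_allowed_countries (hypothetical name) whose entries are
# two-letter country codes, for example "SG" and "QA".
when CLIENT_ACCEPTED {
    # Resolve the client country once per connection rather than per request.
    set client_country [whereis [IP::client_addr] country]

    # 1 if the country is listed, 0 otherwise. An address with no
    # geolocation entry matches nothing in the data group and is denied.
    set as_allowed [class match -- $client_country equals activesync_allowed_countries]
}

when HTTP_REQUEST {
    # Clients request /Microsoft-Server-ActiveSync, so compare in lower case.
    if { [string tolower [HTTP::path]] starts_with "/microsoft-server-activesync" } {
        if { !$as_allowed } {
            # Record the rejection so blocked sources can be reviewed later.
            log local0.notice "ActiveSync denied: client=[IP::client_addr] country=$client_country"
            HTTP::respond 403 content "Active Sync is blocked"
            return
        }
    }
}
```

Requests to other paths on the same virtual server are not affected, and allowed ActiveSync requests continue to whatever pool selection the virtual server or other iRules already apply.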