Drop request pre APM Login

Question

I have an APM policy for mail access.&nbsp;
Policy is as follows:&nbsp;
Client for MS Exchange -&gt; Login Page -&gt; Domain check -&gt; Domain A -&gt; LDAP Auth -&gt; Success -&gt; SSO -&gt; Allow
                                                                              -&gt; Fail           -&gt; Deny
                                                     -&gt; Domain B -&gt; LDAP Auth -&gt; Success -&gt; SSO -&gt; Allow
                                                                              -&gt; Fail           -&gt; Deny&nbsp;
So problem is we are moving to Exchange 2016 and want to restrict /mapi URI&nbsp;
I tried the following iRule but the our test show the user still getting to the login prompt.&nbsp;
when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/mapi/" } {
    log local0. "Rejecting [HTTP::uri] request"
    reject
  }
}&nbsp;
Would I need to set something in the policy or look at the following variable instead?   session.server.landinguri&nbsp;
If so how would I write this irule?&nbsp;
Thx
Rich&nbsp;

kunjan · Answer

Are they able to use mapi after Login?&nbsp;

richard_polyak · Answer

Ok figured out the issue. It was more than just /mapi requesting authentication, I also required to drop /ews &amp; /autodiscover for the new VS / APM policy.&nbsp;

Forum Discussion

Drop request pre APM Login

2 Replies

Recent Discussions

F5 VE in Azure - troubles with Sentinel integration

Need help on i-rule to specific uri path

Stable Firmware for F5

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Related Content

Bypass Azure Login Page by adding a login hint in the SAML Request

Insufficient permissions BIG-IQ login error

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

How do I drop traffic on ASM?

Logging DNS Requests