Options
aFleX for Exchange Server
Posted by a10jliu
Came from a real-world deployment:
Customer using Exchanger servers and need this:
1: http redirect to https: //x/owa when user tries to connect the host with no uri
2: certain directories are open to all, since these are push-mail related and user might access from Internet
3: all other directories are limited to certain IPs (could be both private and public) which are defined in a bw list:
Code:
when HTTP_REQUEST {
set checkuri [ string tolower [HTTP::uri] ]
# Do url redirect here
if { ([HTTP::uri] matches "/") } {
HTTP::redirect "https://[HTTP::host]/owa"
# Do open certain uri to all here
} elseif { ( $checkuri starts_with "/ecp") or ( $checkuri starts_with "/autodiscover") or ( $checkuri starts_with "/microsoft-server-activesync") } {
# Other directories are only open to certain IPs
} else {
# Limit Access
set local_addr [IP::remote_addr]
set srcIP [ POLICY::bwlist id $local_addr Exchange_Allow ]
if { not ($srcIP equals 15) } {
#log "Not Allowed to login"
drop
}
#Default Service Group will handle these legitimate requests
}
}
Came from a real-world deployment:
Customer using Exchanger servers and need this:
1: http redirect to https: //x/owa when user tries to connect the host with no uri
2: certain directories are open to all, since these are push-mail related and user might access from Internet
3: all other directories are limited to certain IPs (could be both private and public) which are defined in a bw list:
Code:
when HTTP_REQUEST {
set checkuri [ string tolower [HTTP::uri] ]
# Do url redirect here
if { ([HTTP::uri] matches "/") } {
HTTP::redirect "https://[HTTP::host]/owa"
# Do open certain uri to all here
} elseif { ( $checkuri starts_with "/ecp") or ( $checkuri starts_with "/autodiscover") or ( $checkuri starts_with "/microsoft-server-activesync") } {
# Other directories are only open to certain IPs
} else {
# Limit Access
set local_addr [IP::remote_addr]
set srcIP [ POLICY::bwlist id $local_addr Exchange_Allow ]
if { not ($srcIP equals 15) } {
#log "Not Allowed to login"
drop
}
#Default Service Group will handle these legitimate requests
}
}
0