Posted by a10jliu
Came from a real-world deployment: Customer using Exchanger servers and need this:
1: http redirect to https: //x/owa when user tries to connect the host with no uri 2: certain directories are open to all, since these are push-mail related and user might access from Internet 3: all other directories are limited to certain IPs (could be both private and public) which are defined in a bw list:
Code:
when HTTP_REQUEST { set checkuri [ string tolower [HTTP::uri] ] # Do url redirect here if { ([HTTP::uri] matches “/”) } { HTTP::redirect “https://[HTTP::host]/owa” # Do open certain uri to all here } elseif { ( $checkuri starts_with “/ecp”) or ( $checkuri starts_with “/autodiscover”) or ( $checkuri starts_with “/microsoft-server-activesync”) } { # Other directories are only open to certain IPs } else { # Limit Access set local_addr [IP::remote_addr] set srcIP [ POLICY::bwlist id $local_addr Exchange_Allow ] if { not ($srcIP equals 15) } { #log “Not Allowed to login” drop } #Default Service Group will handle these legitimate requests } }