Block Exchange ECP externally

I am trying to block Exchange ECP (2013) from external access.
I am having issues with the aFlex rule below:

```
when HTTP_REQUEST {
  if { HTTP::uri] starts_with "/ecp" } {
    drop
  }
}
```

In the GUI I get a Warning: aFlex syntax error:line 3;"syntax error in expression"Http::url]starts_with "/ecp" ":variable ref..""

What have I done wrong, and what would be the right syntax?

thanks
Bryce

Figured it out

amazing what a missed [ will do

```
when HTTP_REQUEST {
  if { [HTTP::uri] starts_with “/ecp” } {
    drop
  }
}
```

I’m hoping someone can give me a hand with this. I literally copied and pasted this into a new aFlex script, and I get “System has encountered some problem. Please try again later!” when I click Create. I’m on a TH3030S running 4.0.1-SP9 build 31 if that helps.

Thanks,
Gairy

Was this attempt done in the GUI or CLI? I would like to recreate the problem and provide a recommendation. Have you done it multiple times?

Genard

Hi Genard, this was attempted using the GUI. I started by trying to block ecs, ews, and autodiscover to external IPs using the guidance here, under the “Security” section.

https://dev-a10wp.pantheonsite.io/aflex-examples/

None of the examples worked, and they all returned that message. I found the shorter link and that one failed also, as mentioned above. I thought it may be an issue with the parser, so I tried one that was already in our A10, a simple HTTP-to-HTTPS redirect, and that one took. Not sure why these are failing.

Thanks for looking into it.

So I found the problem. The " (quote) characters around /ecp, wherever you copied and pasted the aFleX from, translate to a different character. I suggest retyping the " (open quote/close quote) characters for the script to work. Tested it and it works.

```
when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/ecp" } {
    drop
  }
}
```
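The two failures in this thread (a missing `[` and typographic quotes introduced by copy and paste) can be caught before the script reaches the GUI. The following is an added example, not part of the original thread and not A10 tooling; it does character-level checks only rather than parsing aFleX, and `lint_aflex` and `normalize_quotes` are hypothetical names.

```python
# Added example: pre-paste check for aFleX scripts (character-level only).
SMART_QUOTES = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"}
PAIRS = {"]": "[", "}": "{", ")": "("}

# Constructed samples, rebuilt from the two failing scripts quoted in this thread.
MISSING_BRACKET = 'when HTTP_REQUEST {\nif { HTTP::uri] starts_with "/ecp" } {\ndrop\n}\n}\n'
CURLY_QUOTES = 'when HTTP_REQUEST {\nif { [HTTP::uri] starts_with \u201c/ecp\u201d } {\ndrop\n}\n}\n'


def lint_aflex(script):
    """Return sorted (line_no, message) findings for a pasted script."""
    findings = []
    stack = []  # (opening character, line number) still waiting for a close
    for no, line in enumerate(script.splitlines(), 1):
        in_string = False
        for ch in line:
            if ch in SMART_QUOTES:
                findings.append(
                    (no, f"typographic quote U+{ord(ch):04X}, retype as {SMART_QUOTES[ch]}"))
            elif ch == '"':
                in_string = not in_string
            elif in_string:
                continue  # brackets inside a quoted string are literal text
            elif ch in PAIRS.values():
                stack.append((ch, no))
            elif ch in PAIRS:
                if stack and stack[-1][0] == PAIRS[ch]:
                    stack.pop()
                else:
                    findings.append((no, f"'{ch}' has no matching '{PAIRS[ch]}'"))
        if in_string:
            findings.append((no, "unterminated double-quoted string"))
    findings += [(no, f"'{ch}' is never closed") for ch, no in stack]
    return sorted(findings)


def normalize_quotes(script):
    """Replace typographic quotes with their ASCII equivalents."""
    return script.translate(str.maketrans(SMART_QUOTES))


if __name__ == "__main__":
    for name, text in (("missing bracket", MISSING_BRACKET), ("curly quotes", CURLY_QUOTES)):
        for no, msg in lint_aflex(text):
            print(f"{name}: line {no}: {msg}")
```
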

That did the trick Genard, thank you for finding that. I was able to get the blocking working, and a visual confirmation with a HTTP::redirect. Thanks again for your help.

```
# Redirect /ecp requests from clients outside 192.168.1.0/24
when HTTP_REQUEST {
  set URI [HTTP::uri]
  if { not [IP::addr [IP::client_addr] equals 192.168.1.0/24] and ($URI starts_with "/ecp") } {
    HTTP::redirect "http://example.net/not_authorized.html"
  }
}
```

```
# Redirect /ews requests from clients outside 192.168.1.0/24
when HTTP_REQUEST {
  set URI [HTTP::uri]
  if { not [IP::addr [IP::client_addr] equals 192.168.1.0/24] and ($URI starts_with "/ews") } {
    HTTP::redirect "http://example.net/not_authorized.html"
  }
}
```

```
# Redirect /rpc requests from clients outside 192.168.1.0/24
when HTTP_REQUEST {
  set URI [HTTP::uri]
  if { not [IP::addr [IP::client_addr] equals 192.168.1.0/24] and ($URI starts_with "/rpc") } {
    HTTP::redirect "http://example.net/not_authorized.html"
  }
}
```