Forum Discussion

Lyonell_165736's avatar
Lyonell_165736
Icon for Nimbostratus rankNimbostratus
Aug 06, 2014
Solved

TMG Migration - Deny Authentication

Good afternoon! I'm relatively new to BIG-IP, as we're working on a migration from TMG 2010 to BIG-IP 11.5.1 build 4.0.128. I searched documentation and the forums here but didn't find an answer to...
application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iApps
LTM
security
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Aug 07, 2014

    Sounds like you could create an iRule to drop or otherwise respond to requests for the Authentication URL and add it to the virtual server using the iApp. Maybe something like this:

    when RULE_INIT {
    set static::response "Access DeniedWe are sorry, but you may not authenticate to the SharePoint server."
}

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "/authenticate.aspx" } { 
        HTTP::respond 200 content $static::response         
    }
} 

when HTTP_RESPONSE {
    if { [HTTP::header exists "WWW-Authenticate"] } {
        HTTP::respond 200 content $static::response 
    }
}
mikeshimkus_111's avatar
mikeshimkus_111
Historic F5 Account
Aug 07, 2014

Sounds like you could create an iRule to drop or otherwise respond to requests for the Authentication URL and add it to the virtual server using the iApp. Maybe something like this:

when RULE_INIT {
    set static::response "Access DeniedWe are sorry, but you may not authenticate to the SharePoint server."
}

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "/authenticate.aspx" } { 
        HTTP::respond 200 content $static::response         
    }
} 

when HTTP_RESPONSE {
    if { [HTTP::header exists "WWW-Authenticate"] } {
        HTTP::respond 200 content $static::response 
    }
}