Forum Discussion
So after running this with the debug logs, I try and send data from this user and it doesn't pull anything. It does show entries for the debug and every now and then it will show a user that isn't on the list but still nothing gets sent to that user. Here are the HTTP transactions from the TCPDump. Let me know if you need more info from these dumps. Also I tried another config that I thought might be a bit simpler that I will list at the bottom.
19243.384521HTTP/XML777POST /EWS/Exchange.asmx HTTP/1.1 , NTLMSSP_AUTH, User: \OPSTEST@TSCHOEPETEST.COM
19343.384779TCP70http > 64714 [ACK] Seq=575 Ack=2062 Win=66560 Len=0 TSval=176811509 TSecr=2343575884
19443.760115HTTP/XML898HTTP/1.1 200 OK
19543.760141TCP7064714 > http [ACK] Seq=2062 Ack=1403 Win=5782 Len=0 TSval=2343576301 TSecr=176811547
when HTTP_REQUEST {
if { [HTTP::uri] contains "/EWS/Exchange.asmx" } {
set user [string tolower [HTTP::username]]
if { [matchclass EWS_Jail contains $user] } {
pool EWS_Jail_Pool
return
}
}
}