Responder Policy
Action: Reset
Expression: http.req.url.path.CONTAINS(“rpc”) && client.IP.SRC.IN_SUBNET(10.200.0.0/16).NOT
Bind it to exchange load balance vServer. This will block access to Exchange IIS “Rpc” virtual directory (Outlook Anywhere) for devices outside 10.200.0.0/16.
You can also go little beyond and create a pattern set and include
- owa
- rpc
and use the pattern set in the Responder Expression.
http.req.url.path.CONTAINS_ANY(“exch_ps”) && client.IP.SRC.IN_SUBNET(10.200.0.0/16).NOT