[horde] Blocking Active Sync Client

grupo correo grupodecorreo10 at gmail.com
Tue Mar 17 07:45:55 UTC 2015


Hi all.

For this application in our enviroment we use fail2ban for ban this App.
It's a very  powerful tool. This software read all logs.

Regards.

2015-03-13 15:38 GMT+01:00 Jan Schneider <jan at horde.org>:

>
> Zitat von Arjen de Korte <arjen+horde at de-korte.org>:
>
>
>  Citeren Jan Schneider <jan at horde.org>:
>>
>>  Zitat von Samuel Wolf <samuel at sheepflock.de>:
>>>
>>>  Zitat von Klaus Steinberger <klaus.steinberger at physik.uni-muenchen.de>:
>>>>
>>>>  Hi,
>>>>>
>>>>> we want to block for all users some types of Client. Especially the
>>>>> Microsoft/Accompli  Outlook App.
>>>>>
>>>>> I can block a client for a single user after he has connected, but I
>>>>> want to
>>>>> block this App for any user and forever.
>>>>>
>>>>> Reason:  The APP doesn't access Actice Sync directly, instead they use
>>>>> a bunch
>>>>> of servers at the Amazon Cloud. The bad thing is that the password
>>>>> will be
>>>>> stored at the Amazon Cloud.
>>>>>
>>>>>
>>>>> The App (or better the servers behind) show up like this (the ID is
>>>>> user
>>>>> dependent):
>>>>>
>>>>>
>>>>> Id: 289C17FE1CA68940
>>>>> Policy Key: 0
>>>>> Programm: Outlook-iOS-Android/1.0
>>>>> Modell: Outlook for iOS and Android
>>>>> Eindeutiger Name: Outlook for iOS and Android
>>>>> OS: Outlook for iOS and Android 1.0
>>>>> EAS Version: 14.1
>>>>> Gespeicherter Heartbeat (Sekunden): 540
>>>>>
>>>>> Sincerly,
>>>>> Klaus
>>>>>
>>>>> - --
>>>>> Rechnerbetriebsgruppe / IT, Fakultät für Physik
>>>>> Klaus Steinberger
>>>>> FAX: +49 89 28914280
>>>>> Tel: +49 89 28914287--
>>>>> Horde mailing list
>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>>
>>>>
>>>> Hi Klaus,
>>>>
>>>> not exactly what you want, but may be a idea.
>>>> I allow only special clients via Apache config:
>>>>
>>>> ############################################################
>>>> ##############
>>>>       <Directory /var/www/https/horde/>
>>>>               Order Deny,Allow
>>>>               Deny from All
>>>>
>>>>       <Files "rpc.php">
>>>>         SetEnvIf User-Agent "Android/4.0.4-EAS-1.3" smartphone
>>>>         SetEnvIf User-Agent "motorola-XT910/1.0" smartphone
>>>>         SetEnvIf User-Agent "motorola-XT890/1.0" smartphone
>>>>         SetEnvIf User-Agent "Android/4.1.1-EAS-1.3" smartphone
>>>>       SetEnvIf User-Agent "Android/5.0.2-EAS-2.0" smartphone
>>>>       Order Deny,Allow
>>>>       Deny from All
>>>>         Allow from env=smartphone
>>>>       </Files>
>>>>
>>>>       </Directory>
>>>> ############################################################
>>>> ##############
>>>>
>>>> Samuel
>>>>
>>>> --
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>
>>>
>>> Alternatively you can create a preauthenticate hook that sniffs on the
>>> global $browser object.
>>>
>>
>> I don't think either of these solutions will prevent from happing what
>> the topic starter intends to do. The username and password may have been
>> stored in the Amazon Cloud before the connection is made (and probably even
>> if the connection fails).
>>
>> To make sure that the username/password combinations can't be abused,
>> you'd need to block user accounts once you find that they are accessed
>> through this service, rather than just blocking ActiveSync sessions (the
>> damage has been done already by that time).
>>
>
> That's what a preauthenticate hook does.
>
>  Be sure to inform your users (and helpdesk) about this policy, since my
>> guess is that this will lead to users calling support why their accounts
>> have been blocked.
>>
>
> Indeed. I'm not sure if we destroy the session after a failing
> preauthenticate hook, but if not, he can push a $notification in the hook
> too.
>
> --
> Jan Schneider
> The Horde Project
> http://www.horde.org/
> https://www.facebook.com/hordeproject
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>


More information about the horde mailing list