Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org

Tuesday, May 6, 2008

Update: Blocking Unauthorized Devices from accessing OWA

With the help of several coworkers we are blocking the troublesome User-Agents.   Here is a way to do it:

ISAPI Rewrite is a Mod Rewrite implementation for IIS.   There is a lite and a full version available here:


So with the configuration below you can block the unauthorized blackberries.   I will edit the original post to include the solution.  For full details see the April 2008 post on the subject on this blog.

RewriteEngine  on
#Block Blackberry and other smartphones
RewriteCond %{
HTTP:User-Agent}  (?:BWC.Worker.*|BWC.Engine.*|MSFT-SPhone.*|PalmOne-TreoAce.*|AvantGO.*) [NC]  
RewriteRule .? -  [F,L]

Here is another approach for handling the blackberry devices which blocks it by IP address.