Announcement

Collapse
No announcement yet.

Securing External Access to OWA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Securing External Access to OWA

    Hi Everyone,

    I'm new at network security. I've setup OWA with SSL and it works great. I need a way to only have external requests open for OWA when using webmail.domain.com and not our external IP address. Right now, anyone who types our extenal DNS address or IP will receive our OWA page. I know ISA 2006 would fix this issue but we can't afford such a proxy server. I need to protect our external IP address and our network. Any sugesstions?

  • #2
    Re: Securing External Access to OWA

    Easiest way to do this would be to create a default container with no content (or that automatically forwards to xyz, or ...), and to create another container with a host header of webmail.domain.com
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Securing External Access to OWA

      Thanks for the quick reply. Please simplify it for me

      Comment


      • #4
        Re: Securing External Access to OWA

        You don't specify what OS or IIS version... http://www.google.co.uk/search?q=iis+create+new+website
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: Securing External Access to OWA

          Sorry,

          I'm using Server 2003 Ent w/SP2 (IIS 6.0) and Exchange 2003 Ent w/SP2.

          Is there a link to a step by step for this particular setup?

          Comment


          • #6
            Re: Securing External Access to OWA

            First Google result shows you step by step procedure to create the new default container. Then you just need to modify the current container's Properties to define its host header.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: Securing External Access to OWA

              How does this work with SSL and http to https redirection (html file)? I should have mentioned this earlier, huh?

              Comment


              • #8
                Re: Securing External Access to OWA

                It does help to have all of the details, yes

                In any case, it works the same way as it works now. All you're doing is filtering incoming requests to those addressed to the correct URL. Anything that doesn't match this filter will go to the default container, if you create one. You don't have to create another container - if not, requests will just be dropped.
                Gareth Howells

                BSc (Hons), MBCS, MCP, MCDST, ICCE

                Any advice is given in good faith and without warranty.

                Please give reputation points if somebody has helped you.

                "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                Comment


                • #9
                  Re: Securing External Access to OWA

                  I modified the IP address and added host headers to the default website. It worked like a charm! Thank you so much gforceindustries! So simple, duh!

                  IP address: 192.168.1.X
                  Host Header: webmail.domain.com
                  Port TCP 80 and SSL 443
                  Last edited by shades; 29th July 2009, 20:16.

                  Comment


                  • #10
                    Re: Securing External Access to OWA

                    Good to hear you got it working. Remember though that this isn't really securing OWA, it's merely very (VERY) slightly reducing the surface area open to attack.
                    Gareth Howells

                    BSc (Hons), MBCS, MCP, MCDST, ICCE

                    Any advice is given in good faith and without warranty.

                    Please give reputation points if somebody has helped you.

                    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                    Comment

                    Working...
                    X