Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 784
  • Last Modified:

Is there anyway to block Outlook Web Access internally?

We have user's that are using outlook web access internally and we do not want them to. We have a link to OWA via our external website. We want user's to be able to use this link when they are not in the building. We currently use iprism for our internet filtering but haven't found a way to block this.
0
abahr
Asked:
abahr
  • 5
  • 3
  • 2
1 Solution
 
calepantkeCommented:
You can use IE's content advisor to block the webmail site on his PC. 
http://www.wikihow.com/Block-a-Website-in-Internet-Explorer-7
0
 
abahrAuthor Commented:
Great idea. Is there any way to do this easily for all of our PC's without touching each one? We also are not on IE7, but we can always upgrade to it.
0
 
calepantkeCommented:
Yes you can. Implement the content advisor through group policy if you are running active directory. 
You can find it under User Config/Windows Settings/Internet Explorer Maintenance/Security/Security Zones and Content Ratings and modify the Content Ratings there. 
A little more information can be found here.
http://www.experts-exchange.com/Security/Misc/Q_21226658.html
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
calepantkeCommented:
I decided to test this... and if you have a webmail site like mail.mydomain.com then if someone tries to go to www.mydomain.com they will get blocked. 
If you don't want this, another way to do it is to add a fake route for the webmail IP on every machine. You can do this through GPO.
http://www.experts-exchange.com/Security/Software_Firewalls/Q_22777039.html
Or you could try out using Windows Firewall to block the IP. 
0
 
calepantkeCommented:
"I decided to test this... and if you have a webmail site like mail.mydomain.com then if someone tries to go to www.mydomain.com they will get blocked."

My mistake... I didn't check the "Users can see websites that have no ratings". This works well. Sorry for the confusion!
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Actually, it's much easier than that.

In IIS, just block your internal IP addresses from the \Exchange virtual directory.

Right click the Exchange virtual directory and select properties > Directory Security Tab.

Click the Edit... button under IP address and domain name restrictions.

Leave the "Granted access" selected, and then Add.. whatever IP address range you like to restrict access.

Jeff
TechSoEasy


image.png
image2.png
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You can also exclude your EXTERNAL IP address as well if they are going out and back in to access OWA.

Jeff
TechSoEasy
0
 
calepantkeCommented:
Which you could do the same with a bad route as well which I listed above.
It depends which method is easier for the environment you are in. Sometimes you have certain Computers, other times it's certain Users, or maybe certain IP address ranges. 
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The "bad route" solution still requires configuration at the workstation level (either directly or through group policy).  The suggestion I made is done at the server level.  These are very different methods.

Jeff
TechSoEasy
0
 
abahrAuthor Commented:
Thanks for your help!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now