Solved

Need to Secure my internet facing CAS server

Posted on 2011-09-16
2
288 Views
Last Modified: 2012-05-12
hi,

We have an exchange 2010 architecture that contains a site A and a site B. Site A is internet facing behind a firewall and we need to secure the CAS server from an IIS perspective because the default IIs page is showing when you try and access the site without the /owa at the end.
Could anyone please assist with this process
0
Comment
Question by:ablsysadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 500 total points
ID: 36549140
Not sure this is really a question of "securing" the IIS server.  Either you're allowing traffic on TCP 80/443, or not.  If you're running OWA on this box, you are.  If you're not running any other custom content on the IIS server, then it will be as secure as OWA can be - so long as you keep your updates current.

From a security perspective, don't run additional sites (especially apps) on the OWA server.  Don't install custom web components, either - just run what Exchange installed to support OWA.

As for the default IIS page, you might write a page that redirects incoming traffic to /owa - preferably using https.  You need only put actual content on the default web root to make the default IIS page go away.

Example default.aspx:
<%@ Page Language="C#" %> 
<script runat="server"> 
  protected override void OnLoad(EventArgs e) 
  { 
      Response.Redirect("https://[YourServerName.somewhere.com/owa"); 
      base.OnLoad(e); 
  } 
</script> 

Open in new window


Or default.html:
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=https://[YourServerName.somewhere.com/owa"> 
</head>

Open in new window


Hope that helps!
0
 

Author Comment

by:ablsysadmin
ID: 36590615
thanks, will give it a try asap and report back
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question