Solved

Exchange 2010 accepting fqdn name for OWA and nothing else

Posted on 2012-04-05
3
562 Views
Last Modified: 2012-12-27
I currently have a client set up with owa access. This was done by installing SSL Cert and opening 80 in the server and enabling a redirect via 80 to 443 for SSL enabling a user to type a non https URL and still have it resolve properly. On 2007 I have noticed at other sites when they use this function you can ONLY get to the OWA by typing in ____.domainname.com. If you try to browse the ip external (http://xxx.xxx.xxx.xxx you get a forbidden message. Which is what I want to mimic on exchange 2010. Currently if you type ____.domainname.com it will bring you to OWA. Also if you type http://xxx.xxx.xxx.xxx <--external ip address it also resolves to the OWA. Is there a way to require _____.domainname.com. This seems like a bit of a security issue to me.

Thanks in advance.
0
Comment
Question by:JMRSoftware
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 37811589
You need to go back to the IIS configuration and check out what host headers are in use on the websites you've created.

The sites where browsing to the IP address is forbidden probably have a host header set on the site bound to port 80 in IIS. The host header will be mail.domain.com, or whatever FQDN is used to access OWA. Once the host header is set, that site will only respond to inbound requests whose HTTP Header contains that name. Browsing to the IP address won't work.

Mind you, it's not a particularly grave security risk that browsing to the IP works unless that approach also allows them to log in without being redirected to a secure connection. Anyone can take an FQDN and resolve it to an IP address using built-in tools in any Operating System. It's how the networking stack translates a DNS name to an IP it can connect to - it's all publicly available.

-Matt
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question