Solved

Exchange 2010 accepting fqdn name for OWA and nothing else

Posted on 2012-04-05
3
556 Views
Last Modified: 2012-12-27
I currently have a client set up with owa access. This was done by installing SSL Cert and opening 80 in the server and enabling a redirect via 80 to 443 for SSL enabling a user to type a non https URL and still have it resolve properly. On 2007 I have noticed at other sites when they use this function you can ONLY get to the OWA by typing in ____.domainname.com. If you try to browse the ip external (http://xxx.xxx.xxx.xxx you get a forbidden message. Which is what I want to mimic on exchange 2010. Currently if you type ____.domainname.com it will bring you to OWA. Also if you type http://xxx.xxx.xxx.xxx <--external ip address it also resolves to the OWA. Is there a way to require _____.domainname.com. This seems like a bit of a security issue to me.

Thanks in advance.
0
Comment
Question by:JMRSoftware
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 37811589
You need to go back to the IIS configuration and check out what host headers are in use on the websites you've created.

The sites where browsing to the IP address is forbidden probably have a host header set on the site bound to port 80 in IIS. The host header will be mail.domain.com, or whatever FQDN is used to access OWA. Once the host header is set, that site will only respond to inbound requests whose HTTP Header contains that name. Browsing to the IP address won't work.

Mind you, it's not a particularly grave security risk that browsing to the IP works unless that approach also allows them to log in without being redirected to a secure connection. Anyone can take an FQDN and resolve it to an IP address using built-in tools in any Operating System. It's how the networking stack translates a DNS name to an IP it can connect to - it's all publicly available.

-Matt
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question