Solved

Exchange 2010 accepting fqdn name for OWA and nothing else

Posted on 2012-04-05
3
555 Views
Last Modified: 2012-12-27
I currently have a client set up with owa access. This was done by installing SSL Cert and opening 80 in the server and enabling a redirect via 80 to 443 for SSL enabling a user to type a non https URL and still have it resolve properly. On 2007 I have noticed at other sites when they use this function you can ONLY get to the OWA by typing in ____.domainname.com. If you try to browse the ip external (http://xxx.xxx.xxx.xxx you get a forbidden message. Which is what I want to mimic on exchange 2010. Currently if you type ____.domainname.com it will bring you to OWA. Also if you type http://xxx.xxx.xxx.xxx <--external ip address it also resolves to the OWA. Is there a way to require _____.domainname.com. This seems like a bit of a security issue to me.

Thanks in advance.
0
Comment
Question by:JMRSoftware
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 37811589
You need to go back to the IIS configuration and check out what host headers are in use on the websites you've created.

The sites where browsing to the IP address is forbidden probably have a host header set on the site bound to port 80 in IIS. The host header will be mail.domain.com, or whatever FQDN is used to access OWA. Once the host header is set, that site will only respond to inbound requests whose HTTP Header contains that name. Browsing to the IP address won't work.

Mind you, it's not a particularly grave security risk that browsing to the IP works unless that approach also allows them to log in without being redirected to a secure connection. Anyone can take an FQDN and resolve it to an IP address using built-in tools in any Operating System. It's how the networking stack translates a DNS name to an IP it can connect to - it's all publicly available.

-Matt
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now