Exchange 2010 accepting FQDN name for OWA and nothing else

I currently have a client set up with OWA access. This was done by installing an SSL cert, opening 80 on the server, and enabling a redirect via 80 to 443 for SSL, enabling a user to type a non-https URL and still have it resolve properly. On 2007 I have noticed at other sites that when they use this function you can ONLY get to the OWA by typing in ____.domainname.com. If you try to browse to the external IP (http://xxx.xxx.xxx.xxx) you get a forbidden message, which is what I want to mimic on Exchange 2010. Currently if you type ____.domainname.com it will bring you to OWA. Also, if you type http://xxx.xxx.xxx.xxx <--external IP address, it also resolves to the OWA. Is there a way to require _____.domainname.com? This seems like a bit of a security issue to me.

Thanks in advance.
JMRSoftware Asked:

tigermatt Commented:
You need to go back to the IIS configuration and check out what host headers are in use on the websites you've created.

The sites where browsing to the IP address is forbidden probably have a host header set on the site bound to port 80 in IIS. The host header will be mail.domain.com, or whatever FQDN is used to access OWA. Once the host header is set, that site will only respond to inbound requests whose HTTP Header contains that name. Browsing to the IP address won't work.

Mind you, it's not a particularly grave security risk that browsing to the IP works unless that approach also allows them to log in without being redirected to a secure connection. Anyone can take an FQDN and resolve it to an IP address using built-in tools in any Operating System. It's how the networking stack translates a DNS name to an IP it can connect to - it's all publicly available.

-Matt
0
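
One way to check the behaviour tigermatt describes, as an added example that is not part of the original thread: it sends the same request once with the FQDN and once with the bare IP in the Host header and compares the status codes. The `_StubSite` server is a constructed stand-in for a host-header-bound site (it is not IIS), and `mail.domain.com` and the `/owa` path are assumed names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPECTED_FQDN = "mail.domain.com"  # assumed FQDN, as in the answer above

def probe(addr, port, host_header, path="/owa"):
    """Send one GET to addr:port with an explicit Host header; return the status."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=True)  # suppress the automatic Host
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()

def audit_host_binding(addr, port, fqdn):
    """Compare what the site returns for the FQDN and for the bare IP as Host."""
    by_name = probe(addr, port, fqdn)
    by_ip = probe(addr, port, addr)
    return {
        "fqdn_status": by_name,
        "ip_status": by_ip,
        "fqdn_served": by_name < 400,   # 2xx or a redirect to HTTPS
        "ip_refused": by_ip >= 400,     # any client/server error counts as refused
    }

class _StubSite(BaseHTTPRequestHandler):
    """Constructed stand-in for a site bound to one host header (not IIS)."""
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0].lower()
        if host == EXPECTED_FQDN:
            self.send_response(302)  # mimic the 80 -> 443 redirect
            self.send_header("Location", "https://%s%s" % (EXPECTED_FQDN, self.path))
        else:
            self.send_response(403)  # the "forbidden" the asker describes
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the stub quiet

def start_stub():
    """Start the stub on a free loopback port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _StubSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]
```

Against a real server you administer, call `audit_host_binding` with the external IP, port 80 and the OWA FQDN; `ip_refused` should be true once the host header is set on the port 80 site.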
