Solved

Exchange 2010 accepting fqdn name for OWA and nothing else

Posted on 2012-04-05
3
557 Views
Last Modified: 2012-12-27
I currently have a client set up with owa access. This was done by installing SSL Cert and opening 80 in the server and enabling a redirect via 80 to 443 for SSL enabling a user to type a non https URL and still have it resolve properly. On 2007 I have noticed at other sites when they use this function you can ONLY get to the OWA by typing in ____.domainname.com. If you try to browse the ip external (http://xxx.xxx.xxx.xxx you get a forbidden message. Which is what I want to mimic on exchange 2010. Currently if you type ____.domainname.com it will bring you to OWA. Also if you type http://xxx.xxx.xxx.xxx <--external ip address it also resolves to the OWA. Is there a way to require _____.domainname.com. This seems like a bit of a security issue to me.

Thanks in advance.
0
Comment
Question by:JMRSoftware
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 37811589
You need to go back to the IIS configuration and check out what host headers are in use on the websites you've created.

The sites where browsing to the IP address is forbidden probably have a host header set on the site bound to port 80 in IIS. The host header will be mail.domain.com, or whatever FQDN is used to access OWA. Once the host header is set, that site will only respond to inbound requests whose HTTP Header contains that name. Browsing to the IP address won't work.

Mind you, it's not a particularly grave security risk that browsing to the IP works unless that approach also allows them to log in without being redirected to a secure connection. Anyone can take an FQDN and resolve it to an IP address using built-in tools in any Operating System. It's how the networking stack translates a DNS name to an IP it can connect to - it's all publicly available.

-Matt
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question