Outlook Web App HTTP Redirect Security Implication

Hello,

I have a customer who will not use Office 365 and has an Exchange 2016 server on a shoestring budget, they will not go for an Exchange Edge Server or WAP though I did get them to buy a firewall (Sonicwall)

I want to implement HTTP redirect for the OWA service and would like to know if opening port 80 on the Exchange server makes it significantly more vulnerable or is it a definite NO-NO.

I know there is a scale of security and normally I wouldn't do this but the client wants people to access webmail through webmail.company.com for ease.

One option I thought if it's possible it to spin up a basic VM in Azure to act as a redirect. Would that be better?

Cheers, as always I welcome input.

Dave
LVL 1
DeclaroAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi Declaro,

Personally, I like opening 443 exclusively. The redirect will force all traffic on 443 anyway but I'd prefer to have as least ports open as possible on Edge/Gateway devices. With 62% of all web traffic now being encrypted people are used to typing HTTPS, IMO.

Let me know if you have any other questions!
0
DeclaroAuthor Commented:
Hi Thanks for the answer.

I agree, as few ports as possible is best. However the client only wants staff to have to type basic url and so far appears to be adamant. have advised against.

Would an unimportant Azure VM with IIS installed work as a redirect, will a 302 redirect work forClient Access Services?

Thanks
0
Blue Street TechLast KnightCommented:
IIS is what you need but I've never ran it as an Azure VM for on-premise Exchange. Here is a good guide for HTTP redirection: http://msexchangeguru.com/2016/08/31/e2016-http-to-https-redirection/

Let me know if you have any other questions.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DeclaroAuthor Commented:
Thanks for your support, I have recommended that he doesn't use redirect. I am going to try using a VM for the redirect server as a test though to see how it pans out.

Dave
0
Blue Street TechLast KnightCommented:
Glad I could help... Thanks for the points!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.