Outlook Web App HTTP Redirect Security Implication

Declaro
Hello,

I have a customer who will not use Office 365 and has an Exchange 2016 server on a shoestring budget. They will not go for an Exchange Edge Server or WAP, though I did get them to buy a firewall (SonicWall).

I want to implement HTTP redirect for the OWA service and would like to know if opening port 80 on the Exchange server makes it significantly more vulnerable or is it a definite NO-NO.

I know there is a scale of security and normally I wouldn't do this but the client wants people to access webmail through webmail.company.com for ease.

One option I thought of, if it's possible, is to spin up a basic VM in Azure to act as a redirect. Would that be better?

Cheers, as always I welcome input.

Dave
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
Hi Declaro,

Personally, I like opening 443 exclusively. The redirect will force all traffic on 443 anyway, but I'd prefer to have as few ports open as possible on Edge/Gateway devices. With 62% of all web traffic now being encrypted, people are used to typing HTTPS, IMO.

Let me know if you have any other questions!

Author

Commented:
Hi, thanks for the answer.

I agree, as few ports as possible is best. However, the client only wants staff to have to type a basic URL and so far appears to be adamant. I have advised against it.

Would an unimportant Azure VM with IIS installed work as a redirect? Will a 302 redirect work for Client Access Services?

Thanks
Last Knight
Distinguished Expert 2018
Commented:
IIS is what you need, but I've never run it as an Azure VM for on-premise Exchange. Here is a good guide for HTTP redirection: http://msexchangeguru.com/2016/08/31/e2016-http-to-https-redirection/

Let me know if you have any other questions.
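
Added example, not part of the thread and not taken from the linked guide: a Python WSGI sketch of what a separate redirect-only host has to do, so that port 80 never needs to reach the Exchange server. It assumes the public name `webmail.company.com` from the question and the default `/owa` virtual directory; the `simulate` helper and the sample requests are constructed for illustration.

```python
# Assumption: public name from the thread plus the default OWA virtual directory.
DESTINATION = "https://webmail.company.com/owa"
ALLOWED_METHODS = {"GET", "HEAD"}


def redirect_app(environ, start_response):
    """WSGI app for a redirect-only host: one fixed HTTPS target, nothing else."""
    method = environ.get("REQUEST_METHOD", "")
    if method not in ALLOWED_METHODS:
        # A typed URL only produces GET/HEAD. Refuse anything that could carry
        # a body, such as a form POST with credentials sent over plain HTTP.
        start_response("405 Method Not Allowed",
                       [("Allow", "GET, HEAD"), ("Content-Length", "0")])
        return [b""]
    # Location is a constant. The request's Host header, path and query string
    # are never copied into it, so the host cannot act as an open redirect.
    start_response("302 Found",
                   [("Location", DESTINATION),
                    ("Cache-Control", "no-store"),
                    ("Content-Length", "0")])
    return [b""]


def simulate(method, path="/", host="webmail.company.com", query=""):
    """Run the app on a constructed request; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": query, "HTTP_HOST": host,
               "wsgi.url_scheme": "http"}
    body = b"".join(redirect_app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Constructed requests: a normal visit, a spoofed Host with an odd path,
    # and a POST that must not be redirected.
    samples = [("GET", "/"),
               ("GET", "//other.example/x", "other.example", "url=http://other.example"),
               ("POST", "/owa/auth.owa")]
    for args in samples:
        status, headers, _ = simulate(*args)
        print(args[0], args[1], "->", status, headers.get("Location"))
    # To serve it, pass redirect_app to wsgiref.simple_server.make_server;
    # binding port 80 needs elevated privileges.
```
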

Author

Commented:
Thanks for your support, I have recommended that he doesn't use redirect. I am going to try using a VM for the redirect server as a test though to see how it pans out.

Dave
Blue Street TechLast Knight
Distinguished Expert 2018

Commented:
Glad I could help... Thanks for the points!
