Outlook Web App HTTP Redirect Security Implication

Hello,

I have a customer who will not use Office 365 and has an Exchange 2016 server on a shoestring budget, they will not go for an Exchange Edge Server or WAP though I did get them to buy a firewall (Sonicwall)

I want to implement HTTP redirect for the OWA service and would like to know if opening port 80 on the Exchange server makes it significantly more vulnerable or is it a definite NO-NO.

I know there is a scale of security and normally I wouldn't do this but the client wants people to access webmail through webmail.company.com for ease.

One option I thought if it's possible it to spin up a basic VM in Azure to act as a redirect. Would that be better?

Cheers, as always I welcome input.

Dave
LVL 1
DeclaroAsked:
Who is Participating?
 
Blue Street TechLast KnightCommented:
IIS is what you need but I've never ran it as an Azure VM for on-premise Exchange. Here is a good guide for HTTP redirection: http://msexchangeguru.com/2016/08/31/e2016-http-to-https-redirection/

Let me know if you have any other questions.
0
 
Blue Street TechLast KnightCommented:
Hi Declaro,

Personally, I like opening 443 exclusively. The redirect will force all traffic on 443 anyway but I'd prefer to have as least ports open as possible on Edge/Gateway devices. With 62% of all web traffic now being encrypted people are used to typing HTTPS, IMO.

Let me know if you have any other questions!
0
 
DeclaroAuthor Commented:
Hi Thanks for the answer.

I agree, as few ports as possible is best. However the client only wants staff to have to type basic url and so far appears to be adamant. have advised against.

Would an unimportant Azure VM with IIS installed work as a redirect, will a 302 redirect work forClient Access Services?

Thanks
0
 
DeclaroAuthor Commented:
Thanks for your support, I have recommended that he doesn't use redirect. I am going to try using a VM for the redirect server as a test though to see how it pans out.

Dave
0
 
Blue Street TechLast KnightCommented:
Glad I could help... Thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.