Your OWA Publishing Rule Works — You’re Not Done Yet

Yay! You got your Outlook Web Access Web Publishing Rule to work. Even better, you also got your RPC/HTTP Web Publishing Rule to work. Your users are happy and now you can get to the thousand other things you need to take care of before starting your Christmas vacation. Whoa! Good job on getting OWA and RPC/HTTP to work, but you’re not done yet.

Why aren’t you done? Because you haven’t secured the connections yet. Yes, you’re doing pre-authentication at the firewall, which is a good thing since it protects you against anonymous attacks on your Exchange Server’s Web site. But you also need to make sure that only known good HTTP communication reach your Exchange Server.

How do you do that? You configure the HTTP Security Filter on the ISA or TMG firewall. The HTTP Security Filter enforces checks on a number of HTTP protocol parameters so that communications that fall outside of these parameters are dropped by the firewall. No, the HTTP Security Filter isn’t a “magic bullet” against all HTTP exploits, but it’s a powerful addition to your ISA or TMG firewall defense in depth plan.

Check out:

http://technet.microsoft.com/en-us/library/bb794796.aspx

for instructions on how to configure the HTTP Security Filter for your Exchange Web Publishing Rules.

Also, check out:

http://technet.microsoft.com/en-us/library/bb794737.aspx

This article shows you how to use a simple script to export your HTTP Security Filter configuration so that if you need to configure it for other servers, or to restore the configuration on this server, you can use the script to import the settings that you’ve exported using the same script.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

image
Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top