• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Securing OWA + redirecting URL

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Securing OWA + redirecting URL Page: [1]
Login
Message << Older Topic   Newer Topic >>
Securing OWA + redirecting URL - 4.Nov.2002 6:03:00 PM   
eyecre8

 

Posts: 19
Joined: 11.Oct.2002
From: Florida
Status: offline
Am having a problem (which I THINK may be an Internal DNS issue) with redirecting all OWA (outlook web access) users to a URL which uses secure transmittion: https instead of http.

We would like to force anyone who tries to connect to http://mydomain.com/myexchangeserver
to the same address but with the https in front:
https://mydomain.com/myexchangeserver

When we tried using the redirection option, we could no longer connect to the OWA server...it seemed as if when trying to load the page it was caught in some kind of loop.

any help of course would be greatly appreciated
Post #: 1
RE: Securing OWA + redirecting URL - 4.Nov.2002 7:28:00 PM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Sure sounds like you created a loop of some kind. If you use the standard IIS redirect option there's no way the server can know if it already has redirected the user, hence the loop.

Instead, you can achieve what you want by some simple tricks (originally taken from the MS site but I don't remember the article number). First, remove the automatic redirection to the https site. Instead demand that users connect with https encryption. This will mean that anyone accessing the OWA site with just http will get an error message stating "you need to use SSL to access this site". The trick is that IIS handles this as an ordinary error message, which means that you can modify the response sent to the user.

Next step is to create a virtual directory, e.g. owaasp on your exchange site. Then create an asp file in that directory and call it "ssl-redirect.asp". Enter the following code in that file:
code:
<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strRedirURL
strRedirURL = "https://" & Request.ServerVariables("SERVER_NAME")
strRedirURL = strRedirURL & "/exchange"
Response.Redirect strRedirURL
End If
%>

If you would access this file over the web, e.g. http://domain.com/owaasp/ssl-redirect.asp you will be automatically redirected to https://domain.com/exchange! Analyze the code and you will see why! Well, nice and fancy, but you don't want users to enter that long akward URL just to get to the https page. Instead, we are going to configure the settings for the /exchange virtual directory to map http 403;4 error messages to this asp page! Basically, what will happen is that a user connecting to http://domain.com/exchange will be sent to the asp page instead of the standard error message. And the asp page will redirect the user to the https connection. V=ila, automatic redirection!

To make this work open up the IIS admin snap-in. Browse to the /exchange directory, right-click and choose Properties. Go to the Custom Errors tab and select the 403;4 error. Click Edit properties and change settings to Message type=URL and URL = /owaasp/ssl-redirect.asp. Click OK and close all open windows. Now, whenever a user tries to connect to http://domain.com/exchange will be redirected to https://domain.com/exchange. Any user who connects directly to the https URL will not be connecting on port 80 and hence will not be (re)directed to the https site, in other words, no loop.

This works excellent for several of our sites! Keep in touch if you need further assistance.

Regards,

Johan

[ November 04, 2002, 07:32 PM: Message edited by: Johan Sandqvist ]

(in reply to eyecre8)
Post #: 2
RE: Securing OWA + redirecting URL - 11.Nov.2002 5:13:00 PM   
eyecre8

 

Posts: 19
Joined: 11.Oct.2002
From: Florida
Status: offline
I found a couple useful sites for anyone else that needs info on URL redirection:

http://www.iisadministrator.com/Articles/Index.cfm?ArticleID=9743

http://community.borland.com/article/0%2C1410%2C20550%2C00.html

These came in handy when figuring out how to redirect Outlook Web Access Users who type in the regular Http://MyFQDN/MyExchangeserver to a URL that is secure:
Https://MyFQDN/MyExchangeserver

I was just looking for a way that users didn't HAVE to remember to type the 'S' in the https://

Hope that info is useful.

(in reply to eyecre8)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Securing OWA + redirecting URL Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter