Re: Unable to get to RWW or OWA

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Oliver Sommer [MVP] <o.sommer@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Sep 2008 23:46:35 +0000 (UTC)

Hi SuperGumby [SBS MVP],

if you allow port 80 into IIS you rely on IIS diversion to 443. Also,
though requests to the base folder are redirected to 443 specific
requests to http://site/folder may still be accepted without SSL.

/Remote and every folder I know of in SBS IIS which needs to be secure is setup to redirect by default to HTTPs by default.
If you'd like all custom folders to redirect and/or require SSL also, then do so, or restrict them to internal IPs/Subnets only.

If you require _authenticated_ SSL any initial request hits:
1st) the certificate issue mechanism.

Which is because of what safer for the server and because of what protecting the server from being compromised?

2nd) the authentication mechanism.

This is also in place even if that request qould be let through unencrypted...not recommending this, just to be clear.

if either step fails no further processing is performed.

Which is different in what point to when Port 80 is let through also?

As both mechanisms are involved in 'security' it is reasonable to
assume that substantial effort is spent (by MS) to ensure their
integrity.

And why is MS (see SBS help file) recommending to open port 80 to the SBS if it is that "unsafe"?
I don't think so and you did not prove me wrong, sorry.

Opening port 80 is silly.

Yeah, was waiting for this. I really love this kind of "argument"!
Open Port 80 imo is securitywise not a mistake, but makes life and usage more easy for users.

--
Oliver Sommer | MVP WESS
Small Business Specialist Partner Area Lead | SBSC PAL
Community sites | http://EBSfaq.com | http://MSSBSfaq.de

.

References:
- Re: Unable to get to RWW or OWA
  - From: SuperGumby [SBS MVP]

Prev by Date: Re: RWW not working
Next by Date: Re: RWW not working
Previous by thread: Re: Unable to get to RWW or OWA
Next by thread: Re: Unable to get to RWW or OWA
Index(es):
- Date
- Thread

Relevant Pages

RE: SSL redirect
... >> procedure to redirect all port 80 requests to SSL ...
(microsoft.public.inetserver.iis.security)
Re: SSL Redirect
... explaining our recommended method of SSL redirection as it pertains to OWA. ... > Microsoft GTSC, IIS ... >> "They" in this case are the four solaris admins who manage our apache web>> servers. ... I will look to figure out how to pull off the ISAPI>> redirect method if it will give me more options and leverege to pull this>> off ...
(microsoft.public.inetserver.iis)
Re: Danger to having Port 80 open on hardware firewall
... I was simply replying to the issue of getting http://fqdn/remote to redirect ... > port 80, consider upgrading to ISA. ... > at ISA and never touches the webserver. ... > requests never go any further. ...
(microsoft.public.windows.server.sbs)
Re: Wierd 301 Moved Loop in OWA
... appears to be some sort of endless redirect loop. ... The server responds with a 301 ... a non standard port for regular HTTP and then the usual 443 port for ... redirects all requests to HTTPS. ...
(microsoft.public.exchange.admin)
Re: ISA configuration question
... I'm referring to web proxy requests. ... Internal client requests web content ... Is there a way to force ISA to bridge web ... SSL connections as well. ...
(microsoft.public.isa.configuration)