26 November 2015

Deny access to Exchange ECP from Internet with IIS ARR Reverse Proxy

Exchange 2010 and 2013 partially managed with Exchange Control Panel (ECP). It's a web-service running on IIS on Client Access Server. There is a problem: when you publish OWA in the Internet, you automatically publish ECP to the Internet too. And this is a security issue.

If you use IIS ARR as Reverse Proxy for publishing Exchange to the Internet, you can create rule that will block access to URLs like https://owa.domain.com/ecp/.

Here are the screens that will show how to create such rule. Notice, that the new rule must be placed to the top of all rules, so it will triggered before all others.

exchange (en), exchange 2013 (en), exchange 2010 (en)

Last updated on 26 November 2015.
Hits: 9782

Previous article: Slow work of Veeam Backup & Replication GUI interface
Next article: STARTTLS issues in mail server MDaemon on Windows Server 2003

Add comment

Deny access to Exchange ECP from Internet with IIS ARR Reverse Proxy

Related Articles

Search and\or delete messages in mailboxes in Exchange 2010/2013/2016

Tracking messages in Exchange 2013 log files - easy and quick!

High availability and fault tolerance of Client Access Servers (CAS) in Exchange 2013

Duplicate Receive Connector in Exchange 2013 to the other server

Cookies policy

Cookie Policy for B-blog.info

What Are Cookies

How We Use Cookies

Disabling Cookies

The Cookies We Set

Third Party Cookies

More Information