With Exchange 2003, Microsoft released a whitepaper which provided specific details of how to use the HTTP filter for securing Exchange 2003 services like Outlook Web Access, RPC/HTTP, ActiveSync etc. However, since the release of Exchange 2007 this whitepaper does not appear to have been updated or a replacement published. As Microsoft has not provided this information in an official document, I have been wary to utilise the existing HTTP filter parameters for customer deployments, just in case they have an adverse effect on functionality.
However, by looking at the the policies defined within the default application optimisers of Microsoft Intelligent Application Gateway 2007 (which are supported) it is possible to determine that the following HTTP methods allow list should be sufficient for correct Exchange 2007 operation:
Outlook Web Access (OWA) - HTTP Methods Allow List
- BCOPY
- BDELETE
- BMOVE
- BPROPPATCH
- COPY
- DELETE
- GET
- HEAD
- LOCK
- MKCOL
- MOVE
- OPTIONS
- POLL
- POST
- PROPFIND
- PROPPATCH
- PUT
- SEARCH
- SUBSCRIBE
- OPTIONS
- POST
- GET
HTTPFilterConfig.vbs is a free script provided by Microsoft on the ISA Server CD, located in the \sdk\samples\admin folder. This script can be used to import HTTP filter settings from custom XML files and assign them to individual firewall policy rules. Once a HTTP filter settings XML file has been created, it can then be imported using the following syntax:
HTTPFilterConfig.vbs import RuleName HTTPPolicyXmlFileName.xml
Based upon the parameters defined in the above allow lists, it is therefore possible to define HTTPFilterConfig XML policies as follows:
OWA HTTP Filter XML Policy
You simply need to copy and paste the above text into notepad and save the file as Exchange2007OWAPolicy.xml or something similarly descriptive.
EAS HTTP Filter XML Policy
Once applied, the HTTP filter configuration can be viewed by right-clicking on the respective firewall policy rule defined during the HTTPFilterConfig import and selecting the Configure HTTP option. If imported correctly, you should see the following:
HTTP Methods for OWA
HTTP Methods for EAS
Additional information on HTTP filtering which applies to both ISA Server 2004 and 2006 can be found here.
Keep posted for further articles on using the HTTP Filter for other applications like Microsoft Office SharePoint Server (MOSS) 2007 amongst others...
No comments:
Post a Comment