Take a look at c:\program files\exchsrvr\exchweb\bin\redir.asp

I modify mine rather heavily, but you'll get the idea.

The basic intent is to ensure that:

A) only certain specific protocols are used by links in an OWA email
(this prevents things like taking advantage of the helpfile bugs, or
using outlook: links or file: links in a trusted zone)

B) that a link doesn't try to refer to the current host (this is to
avoid OWA attacks themselves).

To be able to do this scanning reliably requires absolute links.
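The two checks described in this message, sketched as an added example (not the contents of redir.asp and not the poster's modified version). The http/https allowlist, the names `checkLink` and `normHost`, and the host names are assumptions made for illustration.

```javascript
// Added illustration; not the code in redir.asp.
// Assumed policy: only http and https links may be followed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Normalise a host name for comparison: lower-case, no trailing dot.
function normHost(h) {
  return h.toLowerCase().replace(/\.$/, "");
}

// ownHosts must list every name the OWA server answers to.
function checkLink(link, ownHosts) {
  let url;
  try {
    // No base URL is supplied, so relative and protocol-relative links
    // fail to parse. This is why the scan depends on absolute links.
    url = new URL(link.trim());
  } catch (e) {
    return { allowed: false, reason: "not-absolute" };
  }
  // Check A: scheme allowlist (rejects file:, outlook:, and so on).
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { allowed: false, reason: "scheme-not-allowed" };
  }
  // Check B: the link must not point back at the current host.
  const target = normHost(url.hostname);
  if (ownHosts.map(normHost).includes(target)) {
    return { allowed: false, reason: "points-at-own-host" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample values, not taken from any real deployment.
const OWN = ["mail.example.com", "owa-fe01"];
const samples = [
  "https://www.example.org/page",
  "/exchange/user/Inbox",
  "//mail.example.com/exchange/",
  "file:///c:/windows/help/sample.chm",
  "outlook://Inbox",
  "HTTPS://Mail.Example.COM./exchange/",
  "http://owa-fe01/exchange/",
];
for (const s of samples) {
  console.log(checkLink(s, OWN).reason.padEnd(20), s);
}
```
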

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken
Cornetet
Sent: Monday, February 28, 2005 9:22 AM
To: Exchange Discussions
Subject: RE: Front-End\Back-End OWA

How does prepending "http://" or "https://" make things more secure? I'm
not being argumentative, I just don't understand.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Michael B. Smith
Sent: Monday, February 28, 2005 9:09 AM
To: Exchange Discussions
Subject: RE: Front-End\Back-End OWA


It's a security feature. It allows OWA to filter destructive URLs. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken
Cornetet
Sent: Monday, February 28, 2005 8:55 AM
To: Exchange Discussions
Subject: RE: Front-End\Back-End OWA

http://support.microsoft.com/default.aspx?scid=kb;en-us;327800

Does anyone know why OWA generates absolute URLs, anyway?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris H
Sent: Friday, February 25, 2005 3:19 PM
To: Exchange Discussions
Subject: Re: Front-End\Back-End OWA


Even in Exchange 2003? Do you have a link to a doc that explains this?

Ken Cornetet wrote:

>If you have ISA do the SSL encryption/decryption, you have to install 
>an isapi filter in IIS for the OWA web site.
>
>OWA creates absolute URLs based on what requests it sees come in. If it 
>sees "http:" coming in, it generates pages which reference "http:"
>URLs.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Chris 
>H
>Sent: Friday, February 25, 2005 3:03 PM
>To: Exchange Discussions
>Subject: Front-End\Back-End OWA
>
>
>I have front-end \ back-end OWA through an ISA server working without 
>SSL. For those with any experience, am I better served to put the SSL 
>on each Exchange server or just add it once at the ISA server and let 
>it re-direct everything as SSL? Any traps?
>
>oh, if it matters, exchange 2003 sp1 and ISA server 2000 SP1
>
>_________________________________________________________________
>List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
>Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>To subscribe: http://e-newsletters.internet.com/discussionlists.html/
>To unsubscribe send a blank email to
>[EMAIL PROTECTED]
>Exchange List admin:    [EMAIL PROTECTED]
>To unsubscribe via postal mail, please contact us at: Jupitermedia 
>Corp.
>Attn: Discussion List Management
>475 Park Avenue South
>New York, NY 10016
>
>Please include the email address which you have been contacted with.
>