Microsoft Exchange OWA/ECP behind OPNWAF with web protection

Started by MW, January 13, 2025, 01:21:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 13, 2025, 01:21:11 PM
Hi,

has anyone succesfully secured a Microsoft Exchenge OWA/ECP behind the OPNWAF included in Business edition with web protection enabled?
As i can see there is only a small specific ruleset for exclusions which do not cover MS Exchange.
So far it did only work without web protection for me...
January 13, 2025, 01:56:49 PM #1 Last Edit: January 13, 2025, 01:58:33 PM by Monviech (Cedrik)
Web application rules and exchange server are a very annoying combination.

I suggest you enable the web application firewall (Firewall: Web Application: Settings) and run it as "detection only" (this setting can be configured in a Virtual Server - Security - Web Protection).

Then you look at the web application logs "Firewall: Log Files: Web Security. Write down the rule IDs that trigger and you think are false positives.

Then you go to Virtual Server - Security - Web Protection and disable these rules with "Disable Security Rules by ID".

Afterwards you can put the Web Protection to "on" and see if everything still works.


------

Though from a security perspective, patching the Exchange Server regularly and limiting paths like /ecp should be enough as security hardening.
Hardware:
DEC740
Print
Go Up Pages1
User actions