Note that password
change through OWA must still be enabled in OWA for this to work.
23. Click OK to save the settings to the listener. Click Next when back at the Select Web
Listener page.
24. Under Authentication Delegation, choose Basic Authentication from the drop-down
box, since we are using Basic over SSL to the OWA server. Click Next to continue.
25. Under the User Sets dialog box, accept the default of All Authenticated Users, and
click Next to continue.
26. Click Finish to complete the wizard.
27. Click OK to confirm that further publishing steps may be required.
28. Click the Apply button at the top of the Details pane.
29. Click OK to acknowledge that the changes are complete.
At this point, the ISA server is set up to reverse proxy the OWA traffic and scan it for
Application-layer exploits. Note that with ISA Server 2004, the automatic HTTP to HTTPS
FIGURE 12.19 Automatically redirecting from HTTP to HTTPS.
338 CHAPTER 12 Securing Outlook Web Access (OWA) Traffic
redirection was not possible, and additional rules needed to be created to handle the redirection.
Fortunately, this is not the case in 2006, and automatic redirection is a new and
highly useful feature.
Pages:
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559