Forum Discussion
abdullahsalam
Aug 04, 2020 Copper Contributor
Block Microsoft Exchange Server 2016 Exchange Admin Center (EAC) website from Internet
Hi, as per requirements from our customer to restrict EAC from the external network, we have configured Exchange 2016 servers with Option 2 using the article below: https://docs.micr...
- Aug 05, 2020
I would highly recommend using a reverse proxy between your perimeter firewall and your Exchange server[s]. You can configure the reverse proxy to only pass through OWA traffic and ignore/drop ECP URL requests.
Once this is properly configured, you don't need to go through the hassle of disabling ECP on your Exchange Server or even creating a separate ECP site. (Although if you've already done that work, there's no reason to undo it.) Regardless of your choice, just be sure to set your external ECP URL values to null.
Off the top of my head, two potential solutions for a reverse proxy (I'm sure there are many) might be Citrix ADC (Netscaler) or Traefik. This is essentially what AAP does, but AAP (Azure App Proxy) is running in Azure, whereas your reverse proxy could run on premises.
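The allow-list filtering suggested in the reply above, as an added example that is not part of the original thread or of any product's configuration: a proxy-side decision function that passes only OWA paths and drops everything else, including /ecp, after normalising case, percent-encoding and dot-segments. The `/owa` allow-list, the function names and the sample requests are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: OWA is the only path published externally (hypothetical allow-list).
ALLOWED_PREFIXES = ("/owa",)
MAX_DECODE_ROUNDS = 3  # anything still changing after this many decodes is rejected


def normalize(raw_path: str) -> str:
    """Reduce a request target to the path the backend would route on."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]  # match on the path only
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many layers of percent-encoding")
    if any(ord(ch) < 0x20 for ch in path):
        raise ValueError("control character in path")
    # IIS matches URL paths case-insensitively; backslashes are treated as
    # separators here to be conservative.
    path = path.replace("\\", "/").lower()
    # Collapse duplicate slashes and resolve "." / ".." segments.
    return posixpath.normpath("/" + path.lstrip("/"))


def decide(raw_path: str) -> str:
    """Return "pass" for allow-listed paths, "drop" for everything else."""
    try:
        path = normalize(raw_path)
    except ValueError:
        return "drop"
    for prefix in ALLOWED_PREFIXES:
        if path == prefix or path.startswith(prefix + "/"):
            return "pass"
    return "drop"


# Constructed sample requests, not taken from the thread.
SAMPLES = ["/owa/", "/OWA/auth/logon.aspx?url=%2fecp", "/ecp", "/ECP/",
           "/%65cp/", "/owa/../ecp/", "/owa/%252e%252e/ecp", "/owafoo"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{decide(sample):4}  {sample}")
```

Matching on the normalised path with an allow-list means a new or differently spelled path is dropped by default instead of needing its own deny rule.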
abdullahsalam
Aug 04, 2020 Copper Contributor
Hi manuphilip,
Thanks again for your reply. Again, if you have noticed in my question (1st post), I have mentioned that it's already configured on the default ECP website, but still in that case the https://mail.domain.com/ecp login page is accessible, which we want to block. We created a second ECP website with an internal private IP for administration purposes where -AdminEnabled:$true and the default ECP website is -AdminEnabled:$false.
Hope this will clarify and you will understand the requirements 🙂
manuphilip
Aug 04, 2020 MCT
The page reference clearly says the following:
Verify that https://mail.contoso.com/ecp and https://mbx01.contoso.com/ecp return either of the following results:
404 - website not found
In that case, please make sure that the steps followed are correct.
- abdullahsalam Aug 04, 2020 Copper Contributor
Hi manuphilip,
I think you need to review my previous posts.
The steps followed are correct, and yes, it shows a 404 error or it redirects to the OWA settings page AFTER THE USER/ADMIN LOGS IN to the ECP/EAC login page.
The requirement is to restrict/block the ECP login page also.
Hope this will clarify the requirements for you.