Forum Discussion
Exposed internal exchange server IP address via auto discover URL
To hide the internal IP address of your Exchange Server 2016 from external scans, you can implement a reverse proxy using a web application firewall (WAF) or a load balancer. The reverse proxy acts as an intermediary between the internal Exchange server and the external clients, masking the internal IP address and providing an extra layer of security.
Here are the steps to implement a reverse proxy using a WAF or a load balancer:
-
Configure the WAF or load balancer: Configure the WAF or load balancer to listen on a public IP address for incoming traffic and forward it to the internal IP address of your Exchange Server.
-
Update DNS records: Update the DNS records to point to the public IP address of the WAF or load balancer instead of the internal IP address of the Exchange Server.
-
Update Exchange settings: Update the Exchange settings to use the public IP address of the WAF or load balancer as the external URL for the Exchange services such as Autodiscover, Outlook Web Access, and Exchange ActiveSync.
-
Test the configuration: Test the configuration by accessing the Exchange services from an external network to ensure that the internal IP address of the Exchange Server is not visible.
By using a reverse proxy, you can hide the internal IP address of your Exchange Server from external scans and provide an extra layer of security for your Exchange environment. It's important to regularly monitor and update your reverse proxy configuration to ensure that it remains secure and effective.
(external link removed by moderator)