When I try to access OWA via WAF, then I get following message in the browser
The problem is, that OWA will handle requests from a public IP different than internal requests from a internal LAN IP to the OWA Website. There are redirects attached in the URL's of OWA, where for external access will be used external FQN, for internal requests the internal servers IP address.
When opening OWA via packetfilter from Internet (no WAF), a URL looks like this one (extract from IIS Log)
2010-06-07 09:42:59 W3SVC1 192.168.10.10 GET /exchweb/bin/auth/owalogon.asp url=asg01.mypublicdomain.ch:444/.../4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729) 200 0 0 14308 599
from a internal network, or from WAF (internal ASG Interface) it looks like this (extract from IIS Log)
2010-06-07 09:51:29 W3SVC1 192.168.10.10 GET /exchweb/bin/auth/owalogon.asp url=192.168.10.10/.../4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729) 200 0 0 14303 663
There would be need in WAF for URL rewriting to change the internal redirect from ".../owalogon.asp url=192.168.10.10..." to ".../.../asg01.mypublicdomain.ch..." and vice versa
To change this behaviour on IIS Webserver is a pain, and I'd like to see this small but effective extension in Astaros WAF.
Please consider to also implement URL rewriting in the V8 GA.
BTW: I like the with 7.920 implemented URL hardening, this resolved my 2nd issue, that a default IIS on a SBS2003 Server puts beneath Exchange Web Access also a lot of other websites as monitoring, backup and internal companyweb into the "default website", and Astaro's WAF therefor did publish the whole "default website" to the Internet before 7.920, now I'm comfortable able to restrict access to /exchange and /exchweb [:D]
