Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Here are the ISA Server/Forefront TMG HTTP Policy settings I use for ECP, OAB and Autodiscover. These settings were tested with Outlook 2007/2010 and Exchange 2007.
Setting and rule |
*Exchange ActiveSync |
*RPC over http (Outlook 2003/2007) |
General tab |
||
Maximum headers length |
32768 |
32768 |
Maximum payload length |
10485760 (10 MB) |
Any |
Maximum URL length |
1024 |
16384 |
Maximum query length |
512 |
4096 |
Verify normalization |
Yes |
Yes |
Block high bit characters |
Yes |
Yes |
Block responses containing Windows executable content |
Yes |
Yes |
Methods tab |
||
Allow only specified methods (see WEBDAV Methods http://msdn.microsoft.com/en-us/library/aa142917(EXCHG.65).aspx ) |
OPTIONS POST |
RPC_IN_DATA RPC_OUT_DATA GET POST |
Extensions tab |
||
Action taken for file extensions |
Allow only specified extensions |
Allow only specified extensions |
Extension list |
. (dot) |
.dll (rpcproxy.dll) .asmx (Exchange Web Service) .xml (for Auto discovery) .lzx (for OAB) .wsdl (Exchange Web Service) |
Block requests containing ambiguous extensions |
Yes |
Yes |
Headers Tab |
||
Blocked headers |
None |
None |
Signatures Tab |
||
Blocked signatures:Request URL |
./ \ .. % : |
./ \ .. % & |
Author: Jan Tiedemann, Senior Premier Field Engineer
Comments
Anonymous
January 10, 2011
Thank's for the guide, really usefull! We want to see more like this ;-) Just one question. When I use the Blocked signatures in ActiveSync HTTP-Filter, Nokia Phones can't download attachments anymore. When I look at the log on TMG it shows that they request the file with a "%" in the path. I guess that's the problem. Can you explain shortly, WHY you block certain signatures? I have a few customers, that have issues with their Nokia phones. Good part ist, that ActiveSync is not officially supported in our environment so I am very flexible ;-) THX!Anonymous
April 05, 2011
"Allow only specified methods" is not working for iPhone users social.technet.microsoft.com/.../65f65cb2-92e4-45a6-ade8-163f03619524Anonymous
May 08, 2014
Could someone also publish these settings for:
Exchange 2010
Exchange 2013
for OWA, Outlook Anywhere, ActiveSync and AutoDiscovery
I've searched for hours but cannot find anything new regarding these Exchange versions.