Blocking all the pages except Specific page for exchange Outlook on the web (OWA) using IIS ARR + URL Rewrite?

Evandro Boa Semedo 366 Reputation points
2021-07-27T20:16:12.297+00:00

Hi guys,

I have two IIS ARR + URL Rewrite deployed how reverse proxy to exchange server client access server.

I need to block all requests for my OWA URL <https://webapp.mydomain.net.br/owa>

But, i need to allow only to URL: https://webapp.mydomain.net.br/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebapp.mydomain.net.br%2fowa

In console i tryed this two options, but block all the urls.

118299-url.png

I tryed this too, but, no success.

<rule name="blocking owa" stopProcessing="true">
<match url="(.)" />
<conditions>
<add input="{URL}" pattern="(.
)" />
<add input="{HTTP_HOST}" pattern="webapp.mydomain.net.br" negate="true" />
<add input="{REQUEST_URI}" pattern="/owa/logon.aspx" negate="true" />
<add input="{HTTPS}" pattern="on" negate="true" />
<add input="{QUERY_STRING}" pattern="1&url=https" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>

Internet Information Services
{count} votes

Accepted answer
  1. HuryShen - MSFT 321 Reputation points
    2021-07-28T05:30:12.68+00:00

    You can create a rule like below:

       <rule name="rule1" enabled="true" stopProcessing="true">  
       <match url="^owa(.*)$" />  
       <conditions>  
         <add input="{REQUEST_URI}" pattern="^/owa/auth/logon.aspx(.*)$" negate="true" />  
       </conditions>  
       <action type="AbortRequest" />  
       </rule>  
    

    After that, all of the requests which start with https://webapp.mydomain.net.br/owa will be blocked except request start with https://webapp.mydomain.net.br/owa/auth/logon.aspx


    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. Evandro Boa Semedo 366 Reputation points
    2021-07-28T14:14:14.633+00:00

    Hi @HuryShen - MSFT ,

    Thank you for your help!

    Almost worked.

    I did all the configuration, but, not success. I disabled the others rules one by one, but the same error occur.

    118659-step-1.png

    118724-step-2.png

    This URL is working: https://webapp.mydomain.net.br/owa/healthcheck.htm (200 OK<br/>SRVCAS001.mydomain.NET.BR)

    But, this URL is blocked: https://webapp.mydomain.net.br/owa/auth/logon.aspx (ERR_HTTP2_PROTOCOL_ERROR)

    Any idea?

    Thanks again!

    0 comments No comments

  2. Evandro Boa Semedo 366 Reputation points
    2021-07-28T15:02:01.54+00:00

    Hi @HuryShen - MSFT ,

    I got it that way:

    118695-step-3.png

    I tryed using the specific URL bellow, but not success, is there any way to do working?!

    https://webapp.mydomain.net.br/owa/auth/logon.aspx?replaceCurrent=%$2013$2021

    Thanks again!

    0 comments No comments

  3. Evandro Boa Semedo 366 Reputation points
    2021-07-28T15:44:51.123+00:00

    I did this configuration, but is opening all urls about webapp.mydomain.net.br:

    <rule name="blocking rule 1" stopProcessing="true">
    <match url="(.)" />
    <conditions>
    <add input="{URL}" pattern="(.
    )" />
    <add input="{HTTP_HOST}" pattern="webapp.mydomain.net.br" negate="true" />
    <add input="{REQUEST_URI}" pattern="/owa/auth/logon.aspx" negate="true" />
    <add input="{HTTPS}" pattern="on" negate="true" />
    <add input="{QUERY_STRING}" pattern="/owa/auth/logon.aspx/1234567890" negate="true" />
    </conditions>
    <action type="AbortRequest" />
    </rule>

    0 comments No comments

  4. Evandro Boa Semedo 366 Reputation points
    2021-07-30T16:54:45.91+00:00

    It's working after i changing the OWA url on the server IIS+ARR.

    Thanks guys!

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.