Home > Security Tips > Network Security Tactics > OWA may malfunction with some firewalls
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK SECURITY TACTICS

OWA may malfunction with some firewalls


Serdar Yegulalp
03.26.2005
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


The protective techniques that firewalls employ sometimes create unexpected side effects for legitimate applications. One problem that can crop up involves Outlook Web Access (OWA). Normally OWA works perfectly. But sometimes, for no discernible reason, certain messages will not display.

When a user tries to access a message, Internet Explorer produces the nondescript "This page cannot be displayed" error, with no further information. The message may be accessible from inside the organization or over a VPN, though, which makes it all the more puzzling.

MORE INFORMATION:

The answer lies in how some firewalls handle lengthy URLs. ("Lengthy" in this case means a thousand or more characters.) Even if a firewall is configured to allow access through port 80, it may still perform traffic analysis on HTTP requests passed through it.

Some firewalls have standing rules about how long a GET or POST request can be as a way of limiting possible buffer-overflow attacks through massively lengthy or malformed URLs. If these rules are too strict, they can cause OWA to fail at random. (Note that the length of the URL itself has nothing to do with the size of the page requested by the URL.)

There should be a way to edit your firewall's settings to allow longer URLs -- 2,000 characters at most should do it. If not, check with your firewall manufacturer for updated firmware that might solve the problem or add more functionality. Also, when you do this, make sure the Exchange system in question has been brought up to date with all available security patches.

Finally, some firewalls also object to the lengths of particular headers within a HTTP response. I am not aware of OWA experiencing problems specifically because of oversized headers in the responses it provides to clients, but it's something worth keeping in mind if the problem persists.

About the author
Serdar Yegulalp is editor of the Windows 2000 Power Users Newsletter and a regular contributor to SearchExchange.com.

This tip originally appeared on our sister site SearchExchange.com.

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Security Tactics
New blacklists: Highly predictive or hardly worth it?
Smartphone security: The growing threat of mobile malware
Screencast: How Tor improves Web surfing privacy and security audits
Workstation hard drive encryption: Overdue or overkill?
Wireshark tutorial: How to sniff network traffic
IE 8 beta 2 security features may mark improvements for browser security
Screencast: How to use Nipper to create network security reports
Mining enterprise SIM logs for relevant security event data
How to configure NAP for Windows Server 2008
Exploring Microsoft's Network Access Protection policy options

Network Firewalls
Will there be DMZ routing issues if several firewalls serve as the default gateway?
What are the top LAN security issues in a client-server network environment?
Should tunnel connections be initiated from an ISP to a internal data center, or vice versa?
Cisco warns of security appliance flaws
Kaminsky: DNS issue still major threat
Product Review: Sophos Endpoint Security and Control 8.0
PCI DSS 1.2 clarifies wireless, antivirus use
Check Point adds virtual firewall appliance
Researchers develop lightweight Cisco IOS rootkit
Is it possible to allow select access to IP addresses using Windows Server 2003?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bastion host  (SearchSecurity.com)
firewall  (SearchSecurity.com)
Firewall Builder  (SearchSecurity.com)
personal firewall  (SearchSecurity.com)
screened subnet  (SearchSecurity.com)
virus  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts