13. October 2014

Securing the Exchange Control Panel

Securing the Exchange Control Panel using Netscaler Application Firewall

For this Blogpost I assume that you are already Load Balancing your Exchange Servers by using the NetScaler. If not you can find here a great Deployment Guide by Citrix. In my Lab Environment I also use Content Switching. So eventually you have to adjust the Virtual Server where you will bind your Application Firewall Policy to. Let´s start!

Navigate to Security -> Application Firewall -> Profiles

Exchange Control Panel

Here we will create a new Application Firewall Profile. Enter a Profile Name as you like and click “Create”.

Exchange Control Panel

Double Click that new created Profile and switch to the Security Checks Tab. Again Double Click Deny URL. Add a new Deny URL and enter the following Syntax: “^[^?]*/ecp” without quotes and mark the “Enabled” Check Box. In the General Tab enable at least the Block Check Box. Press OK.

Exchange Control PanelExchange Control PanelExchange Control Panel


Within the “Configure Web Application Firewall Profile” Window switch to the Settings Tab. You can specify here what will happen if /ecp will be accessed. In my setup i decided to redirect the Person to my Blog. Obviously you can create a HTML Website and upload it to the NetScaler.

Exchange Control Panel

After we successfully created a Profile we have to create a Policy and bind the Profile to Policy. To do this we switch to the Menu Security -> Application Firewall -> Policies -> Firewall. Here we click “Add”. Choose an appropriate name for the Policy. After that select the created Profile from the Dropdown Menu and as an expression simply enter “true”. Press OK.

Exchange Control Panel

Exchange Control Panel

To finish the setup we have to bind the Profile to an vServer, Content Switch vServer or Globally. In my Lab I decided to apply this Policy to the Content Switch vServer. We do this by starting the Application Firewall Policy Manager. You will find this Tool under Security -> Application Firewall -> Application Firewall Policy Manager. Switch to the Tab “CS Virtual Server”. Double Click your Content Switch vServer and insert your Policy. Click Apply Change and you are done. You can now start to test your newly created Application Firewall and try to access the Exchange Control Panel.

Exchange Control Panel

About Jens

My name is Jens Trendelkamp. I currently work as an IT Consultant at sepago GmbH. My fields of specialty are Application Delivery, SBC\VDI Solutions and Enterprise Mobility based on Products from Microsoft and Citrix.

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.