OWA Protection Wizard
Purpose
You can start this application-specific wizard on the Wizards tab when you’ve selected an application in the navigation area.
This wizard creates a basic configuration especially for the web application Microsoft Outlook Web Access (OWA).
For more information regarding Wizards, see Using Wizards to Configure Applications.
Attributes
| Attribute | Meaning |
|---|---|
|
Enable OWA Protection Activate this option to activate the general protection for Outlook Web Access. |
Activate this option to activate the general protection for Outlook Web Access. |
|
User Restriction |
Activate this option to prevent users being able to access mailboxes other than their own. This means that colleagues’ data can’t be viewed via the Internet. If an attacker authenticates himself successfully, he therefore only has access to a small part of the information present. |
|
Forbid Private Login |
Activate this option to deactivate the OWA function Private Login. In this case, vWAF ensures that no session cookies are stored on the users’ computers. If a user’s browser remains open, attackers can’t then re-open the session and use it for the unauthorized access to data. |
|
Authentication Protection |
Activate this option to protect the login page from brute force attacks, in other words the automated try-out of large quantities of access data. After 10 unsuccessful login attempts, vWAF blocks the access for one minute. |
|
JavaScript Invalidation |
Activate this option to set vWAF to remove JavaScript code from the emails displayed to the user. |
Paths and handlers configured by the OWA Protection Wizard
The OWA Protection Wizard creates two new paths: /.*\.EML/? and /CookieAuth.dll. In addition, the OWA Protection Wizard configures the following handlers: