Don't Change the Port Number on the Front End

How can we change the port number we use for our Internet-facing Exchange Server Outlook Web Access (OWA) and Remote Procedure Call over HTTP Secure (RPC over HTTPS) clients?

To be blunt, you can't. Sure, you can tell Microsoft IIS to listen on a different port; it will obey and start listening for connections on the port you specify. But the front-end server just acts as a sort of proxy server that accepts client requests and sends them to the back-end server. That back-end server is the one that's responsible for rendering all the content that users see, and the server doesn't support anything other than the default ports: port 80 for unsecured HTTP and port 443 for HTTP plus Secure Sockets Layer (SSL). When the back end renders an OWA page, all the links it constructs use one of those two default port numbers. If you change the port number on the front end, the back end won't honor that change, resulting in broken links. Furthermore, why would you want to change the port number? If you're thinking of putting public services on lesser-known ports as an attempt to secure them through obscurity, that's like hiding your money under the mattress instead of keeping it in the bank. Such measures might lend a little temporary security, but anyone who port scans your public IP address will quickly discover the port-number change, rendering it useless as a security measure.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.