tl;dr: if you don’t expose IIS on Exchange to the internet, you aren’t at risk. Otherwise you need to remediate quickly.
Thanks.
Regards,
Michael B. Smith
Managing Consultant
Smith Consulting, LLC
# Load the IIS provider and pick the target site.
# Assumption: the rule goes on the default site; change $site if yours differs.
Import-Module WebAdministration
$site = "IIS:\Sites\Default Web Site"
# Create the rule:
Add-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules" -name "." -value @{name='RequestBlockingRule1'; patternSyntax='ECMAScript'; stopProcessing='True'}
# Add/Set the URL match:
Set-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules/rule[@name='RequestBlockingRule1']/match" -name url -value ".*"
# Add/Set the condition:
Add-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules/rule[@name='RequestBlockingRule1']/conditions" -name "." -value @{input="{REQUEST_URI}"; pattern=".*autodiscover\.json.*\@.*Powershell.*"; ignoreCase="true"; negate="false"}
# Add the action(s):
Set-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules/rule[@name='RequestBlockingRule1']/action" -name "type" -value "CustomResponse"
Set-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules/rule[@name='RequestBlockingRule1']/action" -name "statusCode" -value 403
Set-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules/rule[@name='RequestBlockingRule1']/action" -name "statusReason" -value "Forbidden: Access is denied."
Set-WebConfigurationProperty -pspath $site -filter "system.webServer/rewrite/rules/rule[@name='RequestBlockingRule1']/action" -name "statusDescription" -value "You do not have permission to view this directory or page using the credentials that you supplied."
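
An offline check of what the condition pattern in the rule above blocks and what it lets through, added here as an example and not part of the original message. It assumes .NET's ECMAScript regex mode behaves like URL Rewrite's engine for this pattern; the sample URIs are constructed, not taken from real logs.

```powershell
# Pattern and options copied from the rule's condition (ECMAScript syntax, ignoreCase="true").
$pattern = '.*autodiscover\.json.*\@.*Powershell.*'
$options = [System.Text.RegularExpressions.RegexOptions]'IgnoreCase, ECMAScript'
$regex   = [regex]::new($pattern, $options)

# Constructed {REQUEST_URI} values (path plus query string) with the outcome we expect.
$samples = @(
    @{ Uri = '/autodiscover/autodiscover.json?a@example.test/powershell/'; Blocked = $true  }
    @{ Uri = '/Autodiscover/Autodiscover.JSON?x@example.test/PowerShell';  Blocked = $true  }
    @{ Uri = '/autodiscover/autodiscover.json/v1.0/user@example.test?Protocol=ActiveSync'; Blocked = $false }
    @{ Uri = '/autodiscover/autodiscover.xml';                             Blocked = $false }
    @{ Uri = '/powershell/?serializationLevel=Full';                       Blocked = $false }
    @{ Uri = '/owa/auth/logon.aspx';                                       Blocked = $false }
)

$failures = 0
foreach ($s in $samples) {
    $actual = $regex.IsMatch($s.Uri)
    $ok     = ($actual -eq $s.Blocked)
    if (-not $ok) { $failures++ }

    # One row per sample so unexpected results stand out.
    [pscustomobject]@{
        Uri      = $s.Uri
        Expected = if ($s.Blocked) { '403' } else { 'pass' }
        Actual   = if ($actual)    { '403' } else { 'pass' }
        Ok       = $ok
    }
}

if ($failures -gt 0) {
    throw "$failures sample(s) did not match the expected outcome; review the pattern before deploying."
}
```

Add URIs from your own IIS logs to `$samples` to confirm that legitimate Autodiscover and remote PowerShell traffic is not caught by the rule.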