Jump to content
Welcome to our new Citrix community!

Exchange CVE-2020-0688

Darren Poppleton

Recommended Posts

Sure, don't publish the /ecp directory to the internet. 

Use for example NetScaler content switching to restrict which headers you allow, example:


add cs policy CS_Policy_Exchange-OWA -rule HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("mail.customer.com")&&HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("owa") -action CS_Action_Exchange-OWA


so /owa is allowed but if anyone tries to go to the /ecp directory your NetScaler will block this and no Exchange ECP is shown.




Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...