Real-Time UC

A Universal Communications Blog by Office Apps and Services MVP Michael LaMontagne

Lync Office Web Apps Server

Limit access to Office Web Apps Server (OWAS)

When deploying an Office Web Apps Server (WAC/OWAS) the default allow list contains no domains, meaning OWAS will allow file requests to hosts in any domain.

OWAS_domain_unlocked

This could allow unauthorized use of your server/farm if the Office Web Apps Server is accessible from the Internet (deployed in DMZ or Reverse Proxy to Internal). An external party could define the Office Web Apps Server pointing to your OWAS URL and start using your server for their workloads.

To lock down Office Web Apps Server, use the “new-officewebappshost” cmdlet ( http://technet.microsoft.com/en-us/library/jj219459.aspx) and set the domain parameter.

Any external party trying to leverage your Office Web Apps Server will get a server connectivity issue error.

Hugo-Octopress Theme | Powered by Hugo