Todd, there's a lot of different ways you can go about this. I don't think
you can use any form of redirect from another IIS server; even if you could,
it doesn't offer any protection because it simply redirects the client from
the IIS server on the DMZ to your E2K box, and clients are still hitting
your E2K box directly.
To completely isolate your E2K box, you need a web proxy, such as Microsoft
ISA Server 2000. This can take your inbound web requests and proxy them on
to the E2K server, returning the response back to the client. You can also
run a front-end E2K server, which performs some of the same function.
Finally, you can use SSL only and not straight HTTP, which will prevent a
lot of the common hacks from getting through. Of course, you can also use
any combination of these methods as well. I'd also recommend using URLScan
on your E2K server, to add another form of protection at Layer 7.
Mercurion Systems, Inc.
> I would like to give my employees access to OWA but do not want my E2K box
> directly accessible to the Internet. I have an IIS box in my DMZ that I
> hoping to use as the portal from which I could have users access OWA
> Is this even possible or must the E2K box have a direct connection as