• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Outlook autodiscover conflicts with https

thanhmy

New Pleskian
Hi
We have a few CentOS 6 servers running Plesk 12.5 and OS vendor version of Apache 2.2 and have recently enabled https for some websites and opened access to https from the outside world.
However only a few websites are using SSL/TLS certificates and due to the way apache handles incoming https requests for domains that do not have https, it just shows the default plesk panel self-signed certificate and the default plesk webpage instead of denying access to the URL.
Scenario:
webpage1.com is hosted with us in server #1 and has SSL support and a valid certificate
webpage2.com is hosted with us in server #1 and does not have SSL support enabled

Both domains are used with Hosted Microsoft Exchange accounts for the customers email.
webpage1.com responds to https requests with a valid certificate, therefore users' mail clients will accept the 404 error and attempt using autodiscover.webpage1.com instead
webpag2.com does not have https enabled and therefore apache servers the default webpage using the self-signed certificate. the mail clients reject this certificate and users are prompted that the autodiscover page uses an invalid certificate and if they would like to proceed. Once the user accepts to continue they recieve the 404 error and the mail client attempts to user autodiscover.webpage2.com instead.

Is there a way for us to completely deny access to the default website on https so that users are faced with a timeout error before being presented with a certificate and therefore mail clients will not prompt users with certificate warnings?
 
What about just redirect all https requests to http with help of following rules in .htaccess:

Code:
RewriteEngine on
RewriteCond %{ENV:HTTPS} on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Is it ok for you?
 
What about just redirect all https requests to http with help of following rules in .htaccess:

Code:
RewriteEngine on
RewriteCond %{ENV:HTTPS} on
RewriteRule ^.*$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Is it ok for you?
Why don't you point autodiscover.webpage1.com & autodiscover.webpage2.com to the hosted exchange environment?

Are you using wildcard DNS by chance?
 
That's right, point autodiscover to the Exchange server, not to the web space. It won't work on the web space.
 
Back
Top