Deny access to Exchange ECP from Internet with IIS ARR Reverse Proxy
Exchange 2010 and 2013 partially managed with Exchange Control Panel (ECP). It's a web-service running on IIS on Client Access Server. There is a problem: when you publish OWA in the Internet, you automatically publish ECP to the Internet too. And this is a security issue.
If you use IIS ARR as Reverse Proxy for publishing Exchange to the Internet, you can create rule that will block access to URLs like https://owa.domain.com/ecp/.
Here are the screens that will show how to create such rule. Notice, that the new rule must be placed to the top of all rules, so it will triggered before all others.