As we said earlier, the Restricted-Zone policy allows you to have a tighter security for certain parts of an application. In the next chapter, we will discuss the access rules that you can configure on the advanced trunk configuration, which allow you to completely block access to certain URLs with a high level of granularity, but using the restricted-zone feature can be more useful for situations where an application has certain areas that perform actions that may be considered to be more invasive or dangerous.
For example, when using Outlook Web Access, users may use the Options button to configure things like an out-of-office message, create rules, and change their password. Clicking this button in OWA 2010 requests the following URL, which shows the options pop-up: https://mail.createhive.com/owa/ev.owa?oeh=1&ns=Options&ev=GetOptsMnu&canary=10a8f50e34f8492487b8e7dbc74cef90
.
An administrator might feel that configuring these options should...