Solved

Sharepoint Site - external https access - internal http access

Posted on 2013-12-03
Last Modified: 2014-03-25
We have an intranet site "Sharepoint - Intranet" - bound to ports 80 and 443.  People can use http or https to access it currently.  I have been asked to remove http access for external users.  The requirement currently is to have the same DNS entry for both sites - so

http://www.intranet.com would be the internal site
https://www.intranet.com would be used externally

I'm unclear on several things.  I have read that one way to accomplish this would be to extend the Sharepoint - Intranet site to use port 443.  But I'm unclear on how/whether this manages people coming in from the outside vs internal and how zones play into it if they do at all.  For example - I extend the site and make it available through https and put it in the Internet zone - then someone types in http://www.intranet.com from external and authenticates that way anyways ...?  Does a redirect also need to happen?

The second way I read that might accomplish this is to route traffic by way of IP address so that internal traffic is allowed to the http site and https traffic is routed to the external site -- as documented in the link below - but I am unclear whether you have to still have 2 separate IIS sites ...

https://docs.gosecureauth.com/display/docs/URL+Rewrite+-+IP+Restrictions

Or if someone has another suggestion ..

Thanks!
Question by:PurpleSlade

Assisted Solution

by:vaderj
ID: 39693700
You would want to extend the web application, that is correct.
The reason for this is because extending the web application creates a second web site in IIS, though in SharePoint it will be the same site.
Once you extend it, you will need to then assign it the correct Alternate Access Mapping, along with correctly configuring the Authentication Provider.

Author Comment

by:PurpleSlade
ID: 39693726
How does this prevent external access via http?

Accepted Solution

by:vaderj
ID: 39693743
[SharePoint Web Application (p80)]  ==>  [SharePoint Extended Web App (p443)]
[AAM] Intranet = http://                 [AAM] Extranet = https://
[Authentication] NTLM                    [Authentication] (Guessing anonymous?)


I don't know your network topology, but I am making the assumption that external DNS resolves to a reverse proxy. You would want to set up the p443 in your rev proxy to resolve to your WFE, and p80 either to drop or to forward to the appropriate host that's not your SharePoint WFE.

Author Comment

by:PurpleSlade
ID: 39693969
Talking to our network folks, we do not use a proxy server.

Assisted Solution

by:PurpleSlade
ID: 39944119
I solved this using the IIS Rewrite module.

Author Closing Comment

by:PurpleSlade
ID: 39952670
After much research I found a way to do this using IIS.
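
One way to express the restriction discussed in this thread with the IIS URL Rewrite module, as an added example: it is not the configuration the poster used, which the thread does not show. It assumes the rule sits in the web.config of the port-80 IIS site, that no NAT device or proxy sits in front of the server (so REMOTE_ADDR is the real client address), and that the internal ranges are 10.0.0.0/8 and 192.168.0.0/16; both ranges are placeholders to replace with your own.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Applies only when ALL conditions hold:
             the request arrived over plain HTTP AND the client address
             is outside every internal range listed below. -->
        <rule name="External HTTP to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll">
            <!-- {HTTPS} is "ON" for TLS requests and "OFF" otherwise -->
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
            <!-- Assumed internal ranges; negate="true" means "not in range" -->
            <add input="{REMOTE_ADDR}" pattern="^10\." negate="true" />
            <add input="{REMOTE_ADDR}" pattern="^192\.168\." negate="true" />
            <!-- Leave requests made on the server itself untouched -->
            <add input="{REMOTE_ADDR}" pattern="^(127\.0\.0\.1|::1)$" negate="true" />
          </conditions>
          <!-- Send external clients to the same path on the HTTPS site.
               To refuse instead of redirect, replace this action with:
               action type="CustomResponse" statusCode="403"
               statusReason="Forbidden" statusDescription="HTTPS required" -->
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

A redirect still lets the first external request travel in cleartext, so the 403 variant is the stricter reading of "remove http access for external users". Internal clients keep reaching http://www.intranet.com because none of their addresses satisfy the negated conditions.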