Solved

Sharepoint Site - external https access - internal http access

Posted on 2013-12-03
6
911 Views
1 Endorsement
Last Modified: 2014-03-25
We have an intranet site "Sharepoint - Intranet" - bound to ports 80 and 443.  People can use http or https to access it currently.  I have been asked to remove http access for external users.  The requirement currently is to have the same DNS entry for both sites - so

http://www.intranet.com would be the internal site
https://www.intranet.com would be used externally

I'm unclear on several things.  I have read that one way to accomplish this would be to extend the Sharepoint - Intranet site to use port 443.  But I'm unclear on how/whether this manages people coming in from the outside vs internal and how zones play into it if they do at all.  For example - I extend the site and make it available through https and put it in the Internet zone - then someone types in http://www.intranet.com from external and authenticates that way anyways ...?  Does a redirect also need to happen?

The second way I read that might accomplish this is to route traffic by way of IP address so that internal traffic is allowed to the http site and https traffic is routed to the external site -- as documented in the link below - but I am unclear whether you have to still have 2 seperate IIS sites ...

https://docs.gosecureauth.com/display/docs/URL+Rewrite+-+IP+Restrictions

Or if someone has another suggestion ..

Thanks!
1
Comment
Question by:PurpleSlade
  • 4
  • 2
6 Comments
 
LVL 8

Assisted Solution

by:vaderj
vaderj earned 500 total points
ID: 39693700
You would want to extend the web application, that is correct.
The reason for this is because extending the web application creates a second web site in IIS, though in SharePoint it will be the same site.
Once you extend it, you will need to then assign it the correct Alternate Access Mapping, along with correctly configure the Authentication Provider.
0
 
LVL 2

Author Comment

by:PurpleSlade
ID: 39693726
How does this prevent external access via http?
0
 
LVL 8

Accepted Solution

by:
vaderj earned 500 total points
ID: 39693743
[SharePoint Web Application (p80) ]  ==> [ SharePoint Extended Web App (p443) ]
[AAM] Intranet = http://                                [AAM] Extranet = https://
[Authentication] NTLM                                  [Authentication] (Guessing anonymous?)


I dont know your network topology, but making the assumption that external DNS resolves to a reverse proxy.  You would want to setup the p443 in your rev proxy to resolve to your WFE, and p80 either to drop or to forward to the appropriate host thats not your SharePoint WFE
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 2

Author Comment

by:PurpleSlade
ID: 39693969
Talking to our network folks, we do not use a proxy server.
0
 
LVL 2

Assisted Solution

by:PurpleSlade
PurpleSlade earned 0 total points
ID: 39944119
I solved this using iis rewrite module.
0
 
LVL 2

Author Closing Comment

by:PurpleSlade
ID: 39952670
After much research I found a way to do this using iis.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question