Solved

Sharepoint Site - external https access - internal http access

Posted on 2013-12-03
Last Modified: 2014-03-25
We have an intranet site "Sharepoint - Intranet" - bound to ports 80 and 443.  People can use http or https to access it currently.  I have been asked to remove http access for external users.  The requirement currently is to have the same DNS entry for both sites - so

http://www.intranet.com would be the internal site
https://www.intranet.com would be used externally

I'm unclear on several things.  I have read that one way to accomplish this would be to extend the Sharepoint - Intranet site to use port 443.  But I'm unclear on how/whether this manages people coming in from the outside vs internal and how zones play into it if they do at all.  For example - I extend the site and make it available through https and put it in the Internet zone - then someone types in http://www.intranet.com from external and authenticates that way anyways ...?  Does a redirect also need to happen?

The second way I read that might accomplish this is to route traffic by way of IP address so that internal traffic is allowed to the http site and https traffic is routed to the external site -- as documented in the link below - but I am unclear whether you still have to have 2 separate IIS sites ...

https://docs.gosecureauth.com/display/docs/URL+Rewrite+-+IP+Restrictions

Or if someone has another suggestion ..

Thanks!
Question by:PurpleSlade
6 Comments
 
LVL 8

Assisted Solution

by:vaderj
vaderj earned 500 total points
ID: 39693700
You would want to extend the web application, that is correct.
The reason for this is because extending the web application creates a second web site in IIS, though in SharePoint it will be the same site.
Once you extend it, you will then need to assign it the correct Alternate Access Mapping, along with correctly configuring the Authentication Provider.
0
 
LVL 2

Author Comment

by:PurpleSlade
ID: 39693726
How does this prevent external access via http?
0
 
LVL 8

Accepted Solution

by:vaderj
vaderj earned 500 total points
ID: 39693743
[SharePoint Web Application (p80)]  ==>  [SharePoint Extended Web App (p443)]
[AAM] Intranet = http://                 [AAM] Extranet = https://
[Authentication] NTLM                    [Authentication] (Guessing anonymous?)


I don't know your network topology, but making the assumption that external DNS resolves to a reverse proxy, you would want to set up the p443 in your rev proxy to resolve to your WFE, and p80 either to drop or to forward to the appropriate host that's not your SharePoint WFE.
0
 
LVL 2

Author Comment

by:PurpleSlade
ID: 39693969
Talking to our network folks, we do not use a proxy server.
0
 
LVL 2

Assisted Solution

by:PurpleSlade
PurpleSlade earned 0 total points
ID: 39944119
I solved this using the IIS rewrite module.
0
 
LVL 2

Author Closing Comment

by:PurpleSlade
ID: 39952670
After much research I found a way to do this using IIS.
0
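
An added example, not from the thread and not necessarily the rule PurpleSlade used: one way the IIS URL Rewrite module can keep external clients off plain HTTP on a single site bound to ports 80 and 443, in the spirit of the IP-restriction approach linked in the question. The rule name and the internal range 10.0.0.0/8 are assumptions; the fragment goes inside `<system.webServer>` of the site's web.config and needs the URL Rewrite module installed.

```xml
<!-- Added example: place inside <system.webServer> of the IIS site's web.config. -->
<rewrite>
  <rules>
    <!-- Hypothetical rule name. The match pattern applies to every URL on the site. -->
    <rule name="External HTTP to HTTPS" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
        <!-- The request arrived on the port 80 binding (no TLS). -->
        <add input="{HTTPS}" pattern="^OFF$" />
        <!-- The client is NOT in the internal range. 10.0.0.0/8 is an assumed
             placeholder; replace it with the real internal subnet(s).
             Anything that does not match, IPv6 clients included, is treated
             as external and sent to HTTPS. -->
        <add input="{REMOTE_ADDR}" pattern="^10\." negate="true" />
      </conditions>
      <!-- Send external clients to the same host and path over HTTPS. -->
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>
```

`{REMOTE_ADDR}` is the address of the directly connected peer, so the condition only separates internal from external clients when external traffic reaches IIS without source NAT. To refuse external HTTP outright instead of redirecting, the action can be `<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="HTTPS required" />`.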
