Solved

Sharepoint Site - external https access - internal http access

Posted on 2013-12-03
6
944 Views
1 Endorsement
Last Modified: 2014-03-25
We have an intranet site "Sharepoint - Intranet" - bound to ports 80 and 443.  People can use http or https to access it currently.  I have been asked to remove http access for external users.  The requirement currently is to have the same DNS entry for both sites - so

http://www.intranet.com would be the internal site
https://www.intranet.com would be used externally

I'm unclear on several things.  I have read that one way to accomplish this would be to extend the Sharepoint - Intranet site to use port 443.  But I'm unclear on how/whether this manages people coming in from the outside vs internal and how zones play into it if they do at all.  For example - I extend the site and make it available through https and put it in the Internet zone - then someone types in http://www.intranet.com from external and authenticates that way anyways ...?  Does a redirect also need to happen?

The second way I read that might accomplish this is to route traffic by way of IP address so that internal traffic is allowed to the http site and https traffic is routed to the external site -- as documented in the link below - but I am unclear whether you have to still have 2 seperate IIS sites ...

https://docs.gosecureauth.com/display/docs/URL+Rewrite+-+IP+Restrictions

Or if someone has another suggestion ..

Thanks!
1
Comment
Question by:PurpleSlade
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 8

Assisted Solution

by:vaderj
vaderj earned 500 total points
ID: 39693700
You would want to extend the web application, that is correct.
The reason for this is because extending the web application creates a second web site in IIS, though in SharePoint it will be the same site.
Once you extend it, you will need to then assign it the correct Alternate Access Mapping, along with correctly configure the Authentication Provider.
0
 
LVL 2

Author Comment

by:PurpleSlade
ID: 39693726
How does this prevent external access via http?
0
 
LVL 8

Accepted Solution

by:
vaderj earned 500 total points
ID: 39693743
[SharePoint Web Application (p80) ]  ==> [ SharePoint Extended Web App (p443) ]
[AAM] Intranet = http://                                [AAM] Extranet = https://
[Authentication] NTLM                                  [Authentication] (Guessing anonymous?)


I dont know your network topology, but making the assumption that external DNS resolves to a reverse proxy.  You would want to setup the p443 in your rev proxy to resolve to your WFE, and p80 either to drop or to forward to the appropriate host thats not your SharePoint WFE
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:PurpleSlade
ID: 39693969
Talking to our network folks, we do not use a proxy server.
0
 
LVL 2

Assisted Solution

by:PurpleSlade
PurpleSlade earned 0 total points
ID: 39944119
I solved this using iis rewrite module.
0
 
LVL 2

Author Closing Comment

by:PurpleSlade
ID: 39952670
After much research I found a way to do this using iis.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary In SharePoint 2010 it is easy to create custom color themes to jazz up a site. Theme colors can also be created in PowerPoint 2010 with a few clicks. But how do the chosen colors actually look in the SharePoint site? The attached PowerPoint…
SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question