OWASP Top Ten to Secure SharePoint Public Site (Part 3)

Part 2, I introduced reverse proxy server as an answer to secure SharePoint public site. As reverse proxy is independent from SharePoint server farm, this avenue gives more independency towards the method or items to secure.

In part 3, I will show how to configure IIS server as Reverse Proxy and configure SharePoint AAM – so that the user will be able to access SharePoint through reverse proxy.

Before you continue this reading, you need to configure IIS reverse proxy. You also need to have basic understanding of the url rewrite rule. Please refers to “Reverse Proxy with URL Rewrite v2 and Application Request Routing” for basic understanding, installation and preparation.

I will use following diagram to describe how the user will access our SharePoint server.

User will access http://portal.contoso.com , the address of our Reverse Proxy. Reverse proxy will then forward the request to SharePoint WFE http://internalserver:2000. The SharePoint server will accept the request from Reverse Proxy and reply with SharePoint contents. Reverse Proxy will then return the response from SharePoint and give it back to the user.

Configuration in IIS
In the web.config modify rewrite rule to forward access from public to internal server.

 Configuration in SharePoint

  1. In Central Administration, click Configure Alternate Access Mapping
  2. Select website http://internalserver:2000
  3. Add public url http://portal.constoso.com. So you will have internal url http://internalserver:2000 , and public url http://portal.contoso.com

aam

Part 4, we will continue to secure SharePoint using IIS ARR

Leave a Reply