OWASP Top Ten to Secure SharePoint Public Site (Part 3)

June 2, 2016

In Part 2, I introduced the reverse proxy server as a way to secure a SharePoint public site. Because the reverse proxy is independent of the SharePoint server farm, this approach gives more freedom in choosing the methods or items used to secure it.

In Part 3, I will show how to configure an IIS server as a reverse proxy and how to configure SharePoint AAM, so that users can access SharePoint through the reverse proxy.

Before you continue reading, you need to have the IIS reverse proxy configured. You also need a basic understanding of URL Rewrite rules. Please refer to “Reverse Proxy with URL Rewrite v2 and Application Request Routing” for background, installation and preparation.

I will use the following diagram to describe how the user reaches our SharePoint server.

The user accesses http://portal.contoso.com, the address of our reverse proxy. The reverse proxy then forwards the request to the SharePoint WFE at http://internalserver:2000. The SharePoint server accepts the request from the reverse proxy and replies with the SharePoint content. The reverse proxy then returns the SharePoint response to the user.

Configuration in IIS
In the web.config of the site that answers for the public address, modify the rewrite rule to forward requests from the public URL to the internal server.
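As an added example (not the post's own configuration), here is a complete web.config rewrite rule for the scenario above. It assumes that URL Rewrite v2 and Application Request Routing are installed and that proxy functionality is enabled in ARR, as described in the referenced article; the rule name is an arbitrary choice. The host names and the port come from this post. The condition on HTTP_HOST is an addition that limits the rule to requests that actually arrive for the public name, so the site does not forward traffic for any other host name it might receive.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Forward every request for the public site to the SharePoint WFE.
             stopProcessing="true" prevents later rules from altering the result. -->
        <rule name="ReverseProxyToSharePoint" stopProcessing="true">
          <!-- Capture the whole path and query as {R:1} -->
          <match url="(.*)" />
          <conditions>
            <!-- Only proxy requests that were sent to the public host name -->
            <add input="{HTTP_HOST}" pattern="^portal\.contoso\.com$" />
          </conditions>
          <!-- ARR turns a Rewrite action to an absolute URL into a proxied request.
               SharePoint sees the internal URL and relies on AAM (below) to
               emit links using the public URL. -->
          <action type="Rewrite" url="http://internalserver:2000/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Because the rewritten request carries the internal host name, SharePoint will only generate correct links once the AAM public URL is set in the next section; without that mapping, pages are returned but their links point at http://internalserver:2000, which the user cannot reach.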

Configuration in SharePoint

  1. In Central Administration, click Configure Alternate Access Mapping
  2. Select website http://internalserver:2000
  3. Add the public URL http://portal.contoso.com. You will then have the internal URL http://internalserver:2000 and the public URL http://portal.contoso.com


In Part 4, we will continue securing SharePoint using IIS ARR.
