Building an application firewall for a SharePoint site has never been so easy. With Azure App Service we can quickly create a public-facing application firewall using IIS Application Request Routing and protect a SharePoint web site in an internal network. In this scenario, you will:
- Create an Azure App Service to serve as a reverse proxy
- Register a custom domain in Azure App Service
- Forward requests from the public URL to the SharePoint internal URL

The steps:
Last month, I had to reinstall my laptop because of a disk failure. Today, when I tried to compile my SPFx (SharePoint Framework) project, I encountered a “python2” not found exception. In fact, when I read the exception, it was thrown by the gyp npm component. This component apparently requires Python to be installed. I cannot find anywhere in the SPFx documentation the instruction to install Python, although this will be triggered by the tooling.
In part 4, we sanitized the response headers from the SharePoint portal by modifying them through web.config custom header modification. Unfortunately, during my testing not all response headers could be modified using this technique. Therefore we need to use a custom HttpModule to clean up the response headers. The following is the list of headers that will be removed from the response using this technique:
- Server
- X-AspNet-Version
- X-SharePointHealthScore
- SPRequestGuid
- X-Powered-By
- MicrosoftSharePointTeamServices
- SPIisLatency
- SPRequestDuration
- X-MS-InvokeApp

We also want to add additional response headers:
In part 2, I introduced a reverse proxy server as an answer to securing a SharePoint public site. As the reverse proxy is independent from the SharePoint server farm, this avenue gives more independence in the methods or items to secure. In part 3, I will show how to configure an IIS server as a reverse proxy and configure SharePoint AAM, so that the user will be able to access SharePoint through the reverse proxy.
Before you continue reading, you need to configure the IIS reverse proxy.
In part 1, I elaborated on the challenges in the SharePoint default configuration and the default response headers produced by the WFE. In part 2, I will show how to clean the response headers and add an additional layer of protection. To the standard SharePoint deployment, we add a reverse proxy that will act as an intermediary between the user (external client) and the SharePoint farm. So our diagram will change as follows: In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers.
In this post I will share how to secure a SharePoint public site following the recommendations of the OWASP Top Ten. The OWASP Top Ten is a powerful awareness document for web application security. It represents a broad consensus about what the most critical web application security flaws are. The goal here is to keep the changes to the standard SharePoint installation as minimal as possible, so that the security rules will be applied independently.
I am personally not an Apple fan who wants to queue overnight for the first release of a device, but I am a Microsoft fan, especially when it comes to Microsoft SharePoint, including the cloud version known as Office 365. Sometimes it is thrilling to get the first release, because we may encounter unexpected bugs. In the past we saw some hiccups for early adopters of SharePoint patches. But who cares, the statistics still show that the probability of this kind of regression is low.
As many of my clients are now moving to Office 365, the cloud version of SharePoint, Exchange and their variants, I lose my control over patches and upgrades to the platform. In the past, our team controlled and advised the customer on new releases and features, and created plans for delivery to the on-prem environment. Nowadays, this role has been taken over by Microsoft’s team. We are no longer in charge of validating and releasing those patches.
We continue our discussion on creating an installation package for our complex project. To remind you, a complex project is a software development project that delivers many components in the BOM (SharePoint WSP, scripts, batch files, etc.). See part-1 here.

Defining Package Format

As the title suggests, our package format is NuGet. NuGet is the package manager for the Microsoft development platform, so we expect that every developer is familiar with the tool.