OWASP Top Ten to Secure SharePoint Public Site (Part 3)
In Part 2, I introduced a reverse proxy server as a way to secure a SharePoint public site. Because the reverse proxy is independent of the SharePoint server farm, this approach gives more freedom in choosing the methods and components used to secure the site. In Part 3, I will show how to configure an IIS server as a reverse proxy and how to configure SharePoint Alternate Access Mapping (AAM), so that users can access SharePoint through the reverse proxy.
Before you continue reading, you need to have the IIS reverse proxy configured. You also need a basic understanding of URL Rewrite rules. Please refer to “Reverse Proxy with URL Rewrite v2 and Application Request Routing” for the background, installation and preparation.
I will use the following diagram to describe how a user accesses our SharePoint server.
The user accesses http://portal.contoso.com, the address of our reverse proxy. The reverse proxy forwards the request to the SharePoint WFE at http://internalserver:2000. The SharePoint server accepts the request from the reverse proxy and replies with the SharePoint content. The reverse proxy then returns the SharePoint response to the user.
Configuration in IIS
In the web.config of the reverse proxy site, modify the rewrite rule so that requests arriving at the public address are forwarded to the internal server.
https://gist.github.com/cakriwut/ebbfb75f66778bec342b11903c59607f
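As an added example, not the gist linked above and not the article's own code, the same forwarding rule can be scripted on the reverse proxy with the WebAdministration module instead of editing web.config by hand. It assumes URL Rewrite 2 and Application Request Routing (ARR) are installed on the proxy and that the IIS site bound to portal.contoso.com is named `portal` (the site name and the rule name are assumptions; the backend address comes from the article).

```powershell
# Added example: script the reverse-proxy rewrite rule on the IIS proxy server.
# Assumes URL Rewrite 2 + ARR are installed. Site name 'portal' is an assumption.
Import-Module WebAdministration

$siteName = 'portal'                        # assumed name of the IIS site for portal.contoso.com
$sitePath = "IIS:\Sites\$siteName"
$ruleName = 'SharePointReverseProxy'        # assumed rule name
$backend  = 'http://internalserver:2000/'   # SharePoint WFE, as in the article

# Enable the ARR proxy at server level. With preserveHostHeader=False the WFE
# receives "Host: internalserver:2000", which the AAM internal URL maps back to
# the public URL http://portal.contoso.com when SharePoint renders links.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter 'system.webServer/proxy' -Name 'preserveHostHeader' -Value 'False'

# Remove any rule with the same name first so the script can be re-run safely.
Remove-WebConfigurationProperty -PSPath $sitePath `
    -Filter 'system.webServer/rewrite/rules' -Name '.' `
    -AtElement @{ name = $ruleName } -ErrorAction SilentlyContinue

# Inbound rule: match every request path and rewrite it to the internal WFE.
# The backend is a fixed literal; never build it from request data such as
# {HTTP_HOST}, or the proxy becomes a relay to arbitrary internal hosts.
Add-WebConfigurationProperty -PSPath $sitePath `
    -Filter 'system.webServer/rewrite/rules' -Name '.' `
    -Value @{ name = $ruleName; stopProcessing = 'True' }
Set-WebConfigurationProperty -PSPath $sitePath `
    -Filter "system.webServer/rewrite/rules/rule[@name='$ruleName']/match" `
    -Name 'url' -Value '(.*)'
Set-WebConfigurationProperty -PSPath $sitePath `
    -Filter "system.webServer/rewrite/rules/rule[@name='$ruleName']/action" `
    -Name 'type' -Value 'Rewrite'
Set-WebConfigurationProperty -PSPath $sitePath `
    -Filter "system.webServer/rewrite/rules/rule[@name='$ruleName']/action" `
    -Name 'url' -Value ($backend + '{R:1}')

# Show the resulting rule so it can be compared with the site's web.config.
Get-WebConfiguration -PSPath $sitePath `
    -Filter "system.webServer/rewrite/rules/rule[@name='$ruleName']" |
    Format-List name, stopProcessing
```

Run it in an elevated PowerShell session on the reverse proxy; the cmdlets write the `<rewrite>` section into the site's web.config, so the result can be inspected there afterwards.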
Configuration in SharePoint
- In Central Administration, click Configure Alternate Access Mappings.
- Select the web application http://internalserver:2000.
- Add the public URL http://portal.contoso.com. You will then have the internal URL http://internalserver:2000 and the public URL http://portal.contoso.com.
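The same mapping, scripted on a SharePoint server instead of clicked through Central Administration, as an added example that is not part of the article. It assumes the SharePoint Management Shell snap-in is available and that http://internalserver:2000 is currently the Default zone public URL of the web application (both URLs come from the article).

```powershell
# Added example: configure AAM so the internal URL http://internalserver:2000
# maps to the public URL http://portal.contoso.com. Run on a SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$internalUrl = 'http://internalserver:2000'   # web application URL, from the article
$publicUrl   = 'http://portal.contoso.com'    # reverse proxy address, from the article

# Resolve the web application before its public URL changes.
$webApp = Get-SPWebApplication -Identity $internalUrl

# Turn the existing Default-zone public URL into the reverse-proxy address...
Set-SPAlternateURL -Identity $internalUrl -Url $publicUrl

# ...and keep the old address as an internal URL of the same zone, so requests the
# proxy forwards with "Host: internalserver:2000" get links rendered as portal.contoso.com.
New-SPAlternateURL -WebApplication $webApp -Url $internalUrl -Zone Default -Internal

# Verify: the Default zone should list internalserver:2000 as incoming URL and
# portal.contoso.com as its public URL.
Get-SPAlternateURL -WebApplication $webApp |
    Format-Table IncomingUrl, Zone, PublicUrl -AutoSize
```

After the change, browse to http://portal.contoso.com through the proxy and check that the links SharePoint renders use the public address; links that still point to http://internalserver:2000 mean the request reached the WFE with a host header that AAM does not recognise.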