Living a SharePoint life

Monday, May 11, 2015

Securing SharePoint 2013 connections via TLS - Part 2

Securing your SharePoint servers via TLS is mandatory these days. Learn how to encrypt your Site Collection communication and how to configure automated redirection to a secure connection.

Picture by Ondrej Supitar / unsplash.com

In part 1 I showed you how to secure a Host Named Site Collection with TLS. But a user can still open the site collection without encryption. To force a secure connection we’ll have to create an automated redirect from http to https.

Leave the unsecure binding


You might think it’s a good idea to remove the http binding from the web application in IIS. But this would break your configuration, so don’t do that. The binding is necessary for IIS to know which web application handles the request. From there, the URL Rewrite module we are about to configure will take over.

First things first


To create a redirect we need an IIS extension called URL Rewrite, which isn’t part of the regular IIS installation and cannot be found in the Windows installation either. Instead you must open a browser and download it from the official IIS support site http://www.iis.net/downloads/microsoft/url-rewrite

This post is


The download is free of charge. Instead of downloading it directly, you can use WebPI for installation. Install URL Rewrite on every front-end server in your farm. As soon as the setup finishes the installation, you should see a new module in the IIS Manager. If you don’t see the icon right away, close the IIS Manager and reopen it.


Detour


Now open the URL Rewrite module. Select Add Rule(s)… from the Actions menu and choose Blank inbound rule from the list. The new rule needs some configuration now. The first thing to do is to give it a name. I call my rule Redirect to HTTPS.


Next we need to define the matching condition, when the rule will be triggered. For the Requested URL we leave the setting to Matches the Pattern and for the Using drop-down it stays with Regular Expressions. The Pattern field is filled with (.*)

With this regular expression for the Match URL section, we tell the URL Rewrite module to inspect every site request. Next we’ll define a condition that has to be true.

Expand the settings for the Conditions. Use the Add… button to create a new condition. In the Condition input field enter {HTTPS}. Leave Check if input string set to Matches the Pattern and use the Pattern ^OFF$ in the Pattern field. Leave the Ignore case checkbox marked.


Skip the Server Variables section, we don’t need them here. Instead expand the Action section and use Redirect for the Action type drop-down. In the Action Properties enter https://{HTTP_HOST}/{R:1} in the Redirect URL field. This is the URL that IIS will be generating when the conditions we configured earlier are true. Keep the Append query string checkbox marked and for the Redirect type use Permanent (301).

If everything is configured as described, select Apply from the Actions menu to save your work.

Open a browser and navigate to your site using the unsecure http protocol. If everything goes right, your browser should now redirect you to the secure page using https.
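The browser check can also be scripted, so it is repeatable after every change to the rule. The following is an added example, not part of the original post: the function names are hypothetical, the host portal.example.test and the sample responses are constructed, and default ports (80 and 443) are assumed.

```python
import http.client
from urllib.parse import unquote, urlsplit


def fetch_redirect(url, timeout=10):
    """GET url over plain http without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check_redirect(url, status, location):
    """Return the problems found in the response to an http request (empty list = OK)."""
    src, problems = urlsplit(url), []
    if status != 301:
        problems.append(f"status {status}, expected 301 (Permanent)")
    if not location:
        return problems + ["no Location header"]
    dst = urlsplit(location)
    if dst.scheme != "https":
        problems.append(f"Location scheme is {dst.scheme or 'missing'}, expected https")
    if dst.netloc.lower() != src.netloc.lower():
        problems.append(f"host changed: {src.netloc} -> {dst.netloc}")
    # Compare decoded paths: the server may encode characters such as spaces differently.
    if unquote(dst.path or "/") != unquote(src.path or "/"):
        problems.append("path not preserved")
    if dst.query != src.query:
        problems.append("query string not preserved")
    return problems


# Constructed sample responses (not captured from a real farm).
SAMPLES = [
    ("http://portal.example.test/sites/hr/Shared%20Documents/a.docx?web=1",
     301, "https://portal.example.test/sites/hr/Shared%20Documents/a.docx?web=1"),
    ("http://portal.example.test/", 302, "http://portal.example.test/"),
    ("http://portal.example.test/sites/hr?web=1", 301, "https://portal.example.test/sites/hr"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, "->", check_redirect(url, status, location) or "OK")
```

Against a live site, pass the result of fetch_redirect(url) to check_redirect together with the same URL.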

Related Learning


If you are interested in learning about the URL Rewrite module, you’ll find plenty of articles on the iis.net pages.

Using the URL Rewrite Module

Creating Rewrite Rules for the URL Rewrite Module

Setting HTTP request headers and IIS server variables

Last words of advice


Configuring the site collections to use TLS should always be done as early as possible. Not only to keep your sites secured from day one, but also because your users might use static unsecure URLs to link pages and documents over time. If this happens, it can become cumbersome to find these links and replace them with the new URLs.


So that's it. I hope you enjoyed the articles. Please leave a message in the comments section below to tell me how you liked it, and don't forget to share the links with your Twitter and Facebook followers.
