none
How to selectively restrict external access to the internal 'Companyweb' site

    Question

  • I am running a SBS 2008 premium server (with SQL intalled)

    All users can access the internal web site both internally (using http://companyweb) and externally using https://remote.domainname.com:987.

    What I would like to do is allow all users to access 'Companyweb' internally, but stop external access for all except for around 6 staff.

    I can't see how to do this without also blocking the internal access as well.

    Does anyone know if this is possible?

     

    Evan

     

     

    Wednesday, September 01, 2010 1:55 PM

All replies

  • Does this Technet article points you in the right direction?
    http://technet.microsoft.com/en-us/library/cc816564(WS.10).aspx
    -Kevin Weilbacher (SBS MVP)
    "The days pass by so quickly now, the nights are seldom long"
    KW Support MVP Blog
    MVP's do NOT work for Microsoft. We give our time freely to support the SBS community!
    Wednesday, September 01, 2010 6:51 PM
  • HI Kevin,

    the article does not really help.

    The problem is that you can deny access to the RWW on https://remote.domain.com/remote but that does not stop a user directly accessing the internal website on https://remote.domainname.com:987.

    I have only found two solutions to this and that is block port 987 totally - but this is not helpful for those users who need access,

    or remove individual users permission to access the internal site - again this is not really a solution because I want all our users to be able to access the site internally.

    It seems odd that there is not a simple setting to deny access externally to the internal site in the same way as there is to block the RWW access.

     

    Evan

    Wednesday, September 01, 2010 10:35 PM
  • Let me see if any of the Sharepoint gurus have any ideas!
    -Kevin Weilbacher (SBS MVP)
    "The days pass by so quickly now, the nights are seldom long"
    KW Support MVP Blog
    MVP's do NOT work for Microsoft. We give our time freely to support the SBS community!
    Wednesday, September 01, 2010 11:12 PM
  •  

    Hi,

    Thank you for your post here.

    I think denying Companyweb access from external for particular users will be tough in native Sharepoint Service. The only practice that I can tell to achieve this is to deploy a application layer aware firewall such as ISA server. You can set a ALLOW rule and DENY rule which applied for specific users in the ISA server to prevent those users from accessing Companyweb over internet. Or you can set a ALLOW rule which explicitly allow the Companyweb access for other 6 users.

    Thursday, September 02, 2010 7:12 AM
  • Thank for your answers.

     

    Still it seems very odd that if all users need internal access to the site then it's a all or nothing approach to external access.

     

    We have workstations that are used for a specific task (data aquisition) but also double as workstations for various users. these workstations are logged in with a simple password (because everyone who walks up to use these needs to know how to log on (if not already).

    So if I want to give remote staff acccess to the internal site it seems I am going to have to have secure passwords on all our user accounts so that any tom dick or harry can't log onto our site and guess a password.

    Hardly seems the wonderful feature that Microsoft makes it out to be.

     

    Eva

    Friday, September 03, 2010 1:40 PM
  • Did you get any help on how to do this? We have similar situation. We need to block external access to rww but allow internal. Were able to do this with sbs2003, not able to in sbs2008.
    Tuesday, April 12, 2011 1:42 PM