Advanced Extranet Support
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
Windows SharePoint Services provides an object model for creating and managing incoming and outgoing URLs in cases in which a reverse proxy server must be implemented between the client computer and the Web server that is running Windows SharePoint Services. An incoming URL is the URL of a request when it reaches the Web server that is running Windows SharePoint Services. Windows SharePoint Services determines this URL by examining the application layer protocol (HTTP or HTTPS), the host header in the HTTP packet, and the destination port of the TCP packet. An outgoing URL is the base absolute URL that Windows SharePoint Services uses in the links that it generates on the pages that it returns to the user.
A reverse proxy configuration may be required, for instance, when the same SharePoint site must face both internally within a corporation or organization, and externally to an extranet or the Internet. In such a case, two servers share the same content, and the reverse proxy applies only to the externally facing server. The internally facing server is directly accessible by HTTP; the externally facing server can be reached only by a Secure Sockets Layer (SSL) request to the reverse proxy server.
Advanced extranet support addresses the following reverse proxy configurations:
SSL Termination — The user accesses a SharePoint site by specifying https as the protocol in the URL. A reverse proxy server receives the SSL request, converts it into an HTTP request (http), and forwards the converted request to the server that is running Windows SharePoint Services.
Host Header Modification — An application that generates a Web request includes a header in the request called the host header. The HTTP host header identifies the host that the user entered in the URL. In this configuration, the user accesses a SharePoint site using a URL such as http://www.example.com, where the host is www.example.com. A reverse proxy server receives the request, changes the host header to the internal name of the server that is running Windows SharePoint Services, such as sharepoint.internal.example.com, and then forwards the request to this server.
Port Translation — The user accesses a SharePoint site using a particular port number, such as 80 for HTTP requests. A reverse proxy server receives the request and forwards it to the server that is running Windows SharePoint Services on a different port, such as 1234.
In each of these cases, the reverse proxy server modifies the original request URL to become a different URL. Before advanced extranet support was added, Windows SharePoint Services assumed that the incoming URL it received was the original request URL. It used that incoming URL as the absolute URL in the links that it generated on the pages that it returned to the user, which would be the wrong URL for the user. Advanced extranet support makes it possible for Windows SharePoint Services to use a different protocol, host name, and port number in the links it generates on the pages that it returns to the user.
A reverse proxy server receives a request for a particular URL from the client computer; the proxy server then remaps the request to a different URL for the Web server that is running Windows SharePoint Services. For example, the proxy server may receive a request such as https://www.example.com/sites/Site/default.aspx but forward the request to the Web server as http://nn.nn.nnn.nn/sites/Site/default.aspx. With the advanced extranet support, Windows SharePoint Services can be customized to return the same original URL base (for example, https://www.example.com) in all links on its pages.
Advanced extranet support applies only to content Web applications and not to the SharePoint Central Administration Web site or Web application.
Windows SharePoint Services examines the packets it receives from the proxy server and isolates the protocol, host name, and port number parts of the request or incoming URL. It then uses two tables to determine the correct base of the URL to return: one table maps each incoming URL to a particular zone, and the other table maps each zone to a particular outgoing URL. Windows SharePoint Services rewrites the URLs shown on its pages using the outgoing base URL that it finds through the tables.
Zones map incoming URLs that Windows SharePoint Services receives from the proxy server to outgoing URLs that it uses in the links it generates on the pages it returns to the user. Five zones per virtual server represent the various ways of accessing a SharePoint site: Intranet, Internet, Extranet, Custom, and Default. Although each zone can have any number of incoming URLs, each zone can have only one outgoing URL.
The following types of the Microsoft.SharePoint.Administration namespace provide ways to create and manage alternate request URLs on a virtual server:
class has the following properties:
For more information about using reverse proxy servers with Windows SharePoint Services, see Reverse Proxy Configurations for Windows SharePoint Services and Internet Security and Acceleration Server.