Block Public IP for Url Root onlyRSS

1 reply

Last post Sep 09, 2019 05:05 AM by Jalpa Panchal

  • Block Public IP for Url Root only

    Sep 07, 2019 10:15 AM|Alberk89|LINK

    I am trying to setup UrlRewrite where I need to do the following.

    1) Block access for all public IP and allow private IP to access the root url (url is exposed to the internet)

        i) for example https://www.myweb.com  -- block when the source IP is public 

       ii) https://www.myweb.com/api  -- allow to access by all source IP

    Both the urls above is hosted on IIS 10 Windows Server 2016.

  • Re: Block Public IP for Url Root only

    Sep 09, 2019 05:05 AM|Jalpa Panchal|LINK

    Hi,

    You could use iis request blocking rule to block the request based on the IP address.

    Request Blocking - rule template

    You could use below rule to allow internal IP and block external IP for the root site and allow all the IP for the specific URL.

    <rule name="RequestBlockingRule1" patternSyntax="ECMAScript" stopProcessing="true">
                        <match url="^$" />
                        <conditions>
                            <add input="{HTTP_HOST}" pattern="^www.abc.com$" />
                            <add input="{REMOTE_ADDR}" pattern="192.168.2.*" />
                            <add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />
                            <add input="{REQUEST_URI}" pattern="/testmvc" negate="true" />
                        </conditions>
                        <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
                    </rule>

    {HTTP_HOST} use your hostname in this condition

    <add input="{REMOTE_ADDR}" pattern="192.168.2.*" />:

    use (.*) to deny all the ip address or pattern of the ip address.

    <add input="{REMOTE_ADDR}" pattern="127.0.0.1" negate="true" />:

    use internal allow ip address pattern or spcic ip adress.

    <add input="{REQUEST_URI}" pattern="/testmvc" negate="true" />:

    use your path like /api in this condition. 

    Regards,

    Jalpa

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.