IIS 7 and Above
IIS7 IPv4 address and domain restrictions - Deny public Internet
Last post Oct 23, 2009 05:41 AM by Leo Tang - MSFT
Oct 20, 2009 01:19 AM|Keep it Simple|LINK
At the web server level, (i.e. not taking into consideration routers and firewalls etc), how do you allow computers on you network to access IIS 7 (serving as an intranet) but block all public IP access?
1. Allow IP address range: 192.168.10.0 with a subnet mask of 255.255.255.0
2. Deny IP address range: 0.0.0.0 with a subnet mask of 0.0.0.0
Not entirley sure, please advise ... thanks
Oct 20, 2009 02:53 AM|lextm|LINK
Suggest you use a white list approach,
1. In IIS Manager, click on IP Address and Domain Restrictions.
2. click Edit Feature Settings in the right panel.
3. Choose Deny from the list, and click OK.
4. Click Add Allow Entry and add IP addresses and/or ranges.
In this way all unknown IP addresses will be forbidden.
Oct 22, 2009 09:41 PM|Keep it Simple|LINK
In Step 3, choose Deny etc. What IP Address range do I enter? Is it 0.0.0.0 with mask 0.0.0.0? Please advise ...
Also, my understanding is that Step 3 and 4 should be swapped becuase as per your suggestion, if the Deny rule is hit first, nobody will gain access. So it should have an Allow rule for the legitimate IP addresses followed by the Deny rule for all others.
Please correct me if I'm wrong ...
Oct 23, 2009 05:41 AM|Leo Tang - MSFT|LINK
You can add an Allow Entry :
address range: 192.168.10.0 with a subnet mask of 255.255.255.0
Then, click the Edit Feature Settings… on the Actions panel, selected Deny Access for unspecified clients, click OK.