In IIS5 and IIS6 it was pretty straight forward to control access to a website using the directpry security and adding rules into the IP Access Rules.
I came to do this on IIS7 today and it took me a good half hour to find out how to do it so here is a quick run down!
First off you need to enable the IPRestriction module by going into the server roles and adding it.
Next restart your IIS administration console (as the new module doesnt seem to appear until you do).
Next reopen your IIS7 admin console and select the website you want to apply the restriction.
Select the IP4 Address and Domain restriction module.
Add the IP address you want to allow/deny.
IMPORTANT - next you need to set the default rule to apply to unspecified clients.
Simply right click in the IPRestriction module where you added the IP address and select edit feature settings. From there set the default rule to deny if you want to restrict all IP's apart from the ones you specified.
And that is job done!
IIS7 does seem to mash ones head in a bit until you get your head around how it all hangs together.
Thursday, 4 February 2010
Restricting Website Access By IP Address in IIS7 - IPRestriction Module
Subscribe to:
Post Comments (Atom)
11 comments:
thanks for the info, got my head mashed a bit because of this exact feature. Problem solved thanks to this post. :)
Just what I needed! Thanks very much!
Glad to help you out guys! :o)
been mashing my head for 4 hours looking for this. thank you SO SO much!
Great information. Thanks for posting!
Is it possible to use redirect to another site? user get 403 but I want to redirect to another site.
Hmm not with the module as far as i know. if i were implementing that id probably write my own handler/module. Not done a module yet but i dont think they differ massivley from Handlers in how they process requests.
Ive not investigated though so dont take this as gospel.
Do some digging.
Slight correction:
Add IIS Role Service vs. Server Role
Global default is to Allow so add Deny in "Edit Feature Settings..." on node (in Actions pane) and then Allow for subnet/supernet/IP if you wish to limit access to a node.
Tested perfectly on specific node and rest of site.
Thanks - saved me loads of time.
Thanks for this.. exactly what I was looking for.
Nick
Excellent. Timely help...
Shot, thanks had to install feature.
Post a Comment