Thursday, 4 February 2010

Restricting Website Access By IP Address in IIS7 - IPRestriction Module

In IIS5 and IIS6 it was pretty straight forward to control access to a website using the directpry security and adding rules into the IP Access Rules.

I came to do this on IIS7 today and it took me a good half hour to find out how to do it so here is a quick run down!

First off you need to enable the IPRestriction module by going into the server roles and adding it.

Next restart your IIS administration console (as the new module doesnt seem to appear until you do).

Next reopen your IIS7 admin console and select the website you want to apply the restriction.

Select the IP4 Address and Domain restriction module.

Add the IP address you want to allow/deny.

IMPORTANT - next you need to set the default rule to apply to unspecified clients.

Simply right click in the IPRestriction module where you added the IP address and select edit feature settings. From there set the default rule to deny if you want to restrict all IP's apart from the ones you specified.

And that is job done!

IIS7 does seem to mash ones head in a bit until you get your head around how it all hangs together.

11 comments:

Anonymous said...

thanks for the info, got my head mashed a bit because of this exact feature. Problem solved thanks to this post. :)

Johnny Walker said...

Just what I needed! Thanks very much!

Omen said...

Glad to help you out guys! :o)

Anonymous said...

been mashing my head for 4 hours looking for this. thank you SO SO much!

Anonymous said...

Great information. Thanks for posting!

Anonymous said...

Is it possible to use redirect to another site? user get 403 but I want to redirect to another site.

Omen said...

Hmm not with the module as far as i know. if i were implementing that id probably write my own handler/module. Not done a module yet but i dont think they differ massivley from Handlers in how they process requests.

Ive not investigated though so dont take this as gospel.

Do some digging.

Anonymous said...

Slight correction:

Add IIS Role Service vs. Server Role

Global default is to Allow so add Deny in "Edit Feature Settings..." on node (in Actions pane) and then Allow for subnet/supernet/IP if you wish to limit access to a node.

Tested perfectly on specific node and rest of site.

Thanks - saved me loads of time.

Anonymous said...

Thanks for this.. exactly what I was looking for.

Nick

Natarajan said...

Excellent. Timely help...

Corical said...

Shot, thanks had to install feature.