Hey Guys,
This may be a funny title in the beginning, but by the end of it, you will surely know the importance of this!
When would you Block IP Addresses?
There may be some situations in your live environment, that you need to block a certain IP address or some IP addresses, so that they do not generate traffic onto your websites.
Lets say the case is like:
1. Maybe a web crawler is trying to crawl your website and you wanna block that! [You can block a crawler from a Firewall directly, but its also possible from IIS.]
2. Your web application crashed due to some reason unexpectedly, and you want to stop all traffic so that your application can be up stable and running fast.
How to Block IP addresses from IIS?
Well, the blocking IPs differs in IIS 6.0 and IIS 7.5 and hence lets see both of them.
Below, as an example, I have considered the case where we can block all IP addresses from access and allow only one IP address to access our application.
Again, there can be many permutations available to cover a wide range of cases easily and effectively. 🙂
Blocking an IP address in IIS 6.0
- In IIS 6.0, go to the Website, right-click and select properties.
- In here, select Directory Security.
- Next, Select the option Edit in IP address and domain name restrictions. By default, you will see the below screen
- Select Deny Access to all the IP addresses
Select the Grant Access to a single computer and add the IP address.
Now, if you try to access your application from any computer other than this, than it will deny you!
Thus you have successfully configured the blocking of IP addresses from IIS in 6.0
Blocking an IP address in IIS 7.5
As you might know, IIS 7.5 is very modular and hence in case you want to Block IP Address, then you need to install a Role Service for Web Server(IIS).
This module is called IP Addresses and Domain Restrictions.
- When you install the above specified module, you will be able to see it in the IIS Manager as below:
- On Opening this, you will see as below. In that, select the Option in the Actions Tab, Edit Feature Settings
- You will see the following screen. Select the Option as Deny in Edit IP and Domain Restrictions Settings.
- Next, Add the Allow Entry as follows:
- Now, further, specify the IP address that you want to allow
nice one!
Its my pleasure Vineet!
Such an easy language, thanks for sharing
Thanks Vishwas..
Nice description!!
Thanks Muktesh.
I’m familiar of this feauture, but do you know of any way to automate this (i.e. Scheduled Task)? We need to restrict access during payroll finalization so supervisors can get in to verify, but other users should not be able to access the site and make changes. I’m looking to use this feature to allow only 2 or 3 specific IPs Addresses during the payroll close weekend and reopen the site Monday morning for exapmle. Thanks!
Hi Bernie!
Scheduled Task.. I am not aware of such.. Mostly not available, but can’t say!
Maybe you can develop a windows service application which updates the Metabase.xml in case you use IIS 6.0 and ApplicationHost.config in case you have IIS 7.5
You can do one thing (which is not scheduled automated but still), while login itself.
Let’s say you have two login pages, one for anonymous access and one for admin access (from the IIS disable anonyous access and enable basic authentication).
And you disable the anonymous access page till the date you don’t want others to access, while your admin access page is still usable for all your admins(supervisors will have basic authentication username and password and then it will ask for their individual username and password)
On the required date, you can enable the anonymous access login page again so that others can access your payroll site
Thanks for referring to my blog! In case of further queries/ideas, please let me know I will try my best to help you out!
Regards,
Varun Shringarpure
whoah that weblog is actually fantastic i enjoy studying your posts. Keep up the great art! You understand, lots of people are shopping for this data, you can support these individuals considerably.
Thanks Bears Dre..
Appreciation always energizes… Thanks for referring to my posts… keep referring them..
I will surely try my best to keep it up! 🙂
Cheers and Enjoy!
the blocking doesn’t occur the same way though, it still prompts you for authentication in iis7.5 before it bails on an ip restriction. in iis6 it bails right away if ip is restricted. Do you have a solution for this? I’ve tried placing the iprestrictionmodule at the top of the priority list in 7.5 and still, no dice.
Why my own IP address has been blocked from accessing the site when I have added it as Allow entry in iis7
Daman,
Please check if there is something written on Firewall level.
Regards,
Varun Shringarpure