Blocking IP Addresses from IIS

Hey Guys,

This may be a funny title in the beginning, but by the end of it, you will surely know the importance of this!

When would you Block IP Addresses?

There may be some situations in your live environment, that you need to block a certain IP address or some IP addresses, so that they do not generate traffic onto your websites.

Lets say the case is like:

1. Maybe a web crawler is trying to crawl your website and you wanna block that! [You can block a crawler from a Firewall directly, but its also possible from IIS.]

2. Your web application crashed due to some reason unexpectedly, and you want to stop all traffic so that your application can be up stable and running fast.

How to Block IP addresses from IIS?

Well, the blocking IPs differs in IIS 6.0 and IIS 7.5 and hence lets see both of them.

Below, as an example, I have considered the case where we can block all IP addresses from access and allow only one IP address to access our application.

Again, there can be many permutations available to cover a wide range of cases easily and effectively. :)

Blocking an IP address in IIS 6.0

  • In IIS 6.0,  go to the Website, right-click and select properties.
  • In here, select Directory Security.

Website -> Properties -> Directory SecurityNext,

  • Next, Select the option Edit in IP address and domain name restrictions. By default, you will see the below screen

IP Address and Domain Name Restrictions

  • Select Deny Access  to all the IP addresses

Select Deny Access Option

Select the Grant Access to a single computer and add the IP address.

Denying All and selecting one IP to have access

Now, if you try to access your application from any computer other than this, than it will deny you!

Thus you have successfully configured the blocking of IP addresses from IIS in 6.0

Blocking an IP address in IIS 7.5

As you might know, IIS 7.5 is very modular and hence in case you want to Block IP Address, then you need to install a Role Service for Web Server(IIS).

This module is called IP Addresses and Domain Restrictions.

  • When you install the above specified module, you will be able to see it in the IIS Manager as below:

IIS 7 Manager Features View - See the installed IP Restriction Module

  • On Opening this, you will see as below. In that, select the Option in the Actions Tab, Edit Feature Settings

Edit Feature Settings

  • You will see the following screen. Select the Option as Deny in Edit IP and Domain Restrictions Settings.

Edit Feature Settings - Details

  • Next, Add the Allow Entry as follows:

Add Allow Entry

  • Now, further, specify the IP address that you want to allow

Add Allow Restriction Rule - Details

And its done…. Your IPs are blocked!
Seems easy yea?  Try it out! :)
Happy IP Blocking!
About these ads

11 thoughts on “Blocking IP Addresses from IIS

  1. I’m familiar of this feauture, but do you know of any way to automate this (i.e. Scheduled Task)? We need to restrict access during payroll finalization so supervisors can get in to verify, but other users should not be able to access the site and make changes. I’m looking to use this feature to allow only 2 or 3 specific IPs Addresses during the payroll close weekend and reopen the site Monday morning for exapmle. Thanks!

    • Hi Bernie!
      Scheduled Task.. I am not aware of such.. Mostly not available, but can’t say!
      Maybe you can develop a windows service application which updates the Metabase.xml in case you use IIS 6.0 and ApplicationHost.config in case you have IIS 7.5

      You can do one thing (which is not scheduled automated but still), while login itself.
      Let’s say you have two login pages, one for anonymous access and one for admin access (from the IIS disable anonyous access and enable basic authentication).
      And you disable the anonymous access page till the date you don’t want others to access, while your admin access page is still usable for all your admins(supervisors will have basic authentication username and password and then it will ask for their individual username and password)
      On the required date, you can enable the anonymous access login page again so that others can access your payroll site

      Thanks for referring to my blog! In case of further queries/ideas, please let me know I will try my best to help you out!
      Regards,
      Varun Shringarpure

  2. whoah that weblog is actually fantastic i enjoy studying your posts. Keep up the great art! You understand, lots of people are shopping for this data, you can support these individuals considerably.

    • Thanks Bears Dre..
      Appreciation always energizes… Thanks for referring to my posts… keep referring them..
      I will surely try my best to keep it up! :)
      Cheers and Enjoy!

  3. the blocking doesn’t occur the same way though, it still prompts you for authentication in iis7.5 before it bails on an ip restriction. in iis6 it bails right away if ip is restricted. Do you have a solution for this? I’ve tried placing the iprestrictionmodule at the top of the priority list in 7.5 and still, no dice.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s