<ipSecurity> in web.config

Martin Stabrey 1

We're wanting to restrict access to a folder called "unicol" on our web site. Only one IP address should be able to access this folder.
Will the below web.config on the root folder of our web site do the trick? Is there anything that we need to add or leave out?

Thank you.

Mart

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <directoryBrowse enabled="false" />
        <defaultDocument>
            <files>
                <clear />
                <add value="default.aspx" />
            </files>
        </defaultDocument>
        <httpErrors errorMode="DetailedLocalOnly" existingResponse="Auto" />
    </system.webServer>

  <location path="unicol">
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <clear />
          <add ipAddress="xx.xx.xx.xx" allowed="true" />
        </ipSecurity>
      </security>
   </system.webServer>
  </location> 

</configuration>

3 answers

Yijing Sun-MSFT 7,066 Reputation points

2021-10-18T06:35:16.91+00:00

Hi @Martin Stabrey ,
As far as I think,you need create a new web.config file in your unicol file instead of the root folder.

Best regards,
Yijing Sun

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
Martin Stabrey 1 Reputation point

2021-10-18T07:17:14.737+00:00

Thank you.

So besides putting the code into a web.config inside the specific folder and then removing the <location> section, would everything else appear okay in this web.config example?

Yijing Sun-MSFT 7,066 Reputation points

2021-10-18T09:35:59.62+00:00

Hi @Martin Stabrey ,

would everything else appear okay in this web.config example?

Do you want to show these codes?

<system.webServer> <directoryBrowse enabled="false" /> <defaultDocument> <files> <clear /> <add value="default.aspx" /> </files> </defaultDocument> <httpErrors errorMode="DetailedLocalOnly" existingResponse="Auto" /> </system.webServer>

Best regards,
Yijing Sun

Martin Stabrey 1 Reputation point

2021-10-18T09:45:11.527+00:00

I don't know? Do we? Don't we? :-)
As you can see, I know nothing about web.config files.
Thanks for you help.

Yijing Sun-MSFT 7,066 Reputation points

2021-10-19T02:29:57.633+00:00

Hi @Martin Stabrey ,
The <directoryBrowse> element's enabled attribute means that you specify whether directory browsing is enabled (true) or disabled (false) on the Web server.
The <defaultDocument> element means that you specify the file name.The <httpErrors> element allows you to configure custom error messages for your Web site or application.
If you only need limit the IP address to access the file,you don't add them.
Best regards,
Yijing Sun
Sign in to comment
Martin Stabrey 1 Reputation point

2021-10-19T07:55:07.88+00:00
Thank you. That makes sense. We have removed those sections.

We now have added this very basic web.config to the folder in question:

<?xml version="1.0"?>
<configuration>

<system.webServer> <security> <ipSecurity allowUnlisted="false"> <clear /> <add ipAddress="102.182.255.11" allowed="true" /> </ipSecurity> </security> </system.webServer>

</configuration>

Why would we be receiving the 500.19 error. Is it something to do with the configuration of the server at our web presence provider?
Please sign in to rate this answer.
Yijing Sun-MSFT 7,066 Reputation points

2021-10-20T02:32:07.213+00:00

Hi @Martin Stabrey ,
Blocking access to a certain folder can be set after deploying to IIS. There is no need to create a new web.config under the folder to configure ipsecurity. IPsecurity can only be configured in the applicationhost.config file. So find the file and add a paragraph:

<location path="site name/unicol"> <system.webServer> <security> <ipSecurity allowUnlisted="false"> <add ipAddress="102.182.255.11" allowed="true" /> </ipSecurity> </security> </system.webServer> </location>

Best regards,
Yijing Sun

Martin Stabrey 1 Reputation point

2021-10-20T08:17:22.753+00:00

This is great. Thanks. I assume I can add the paragraph anywhere in the applicationhost.config file?

Yijing Sun-MSFT 7,066 Reputation points

2021-10-21T02:15:53.74+00:00

Hi @Martin Stabrey ,
There is a default web site in the location path property. I suggest you could add this under the default web site.

Best regards,
Yijing Sun
Sign in to comment
Martin Stabrey 1 Reputation point

2021-10-21T07:16:04.783+00:00

Thank you for your time. Appreciated!
Please sign in to rate this answer.
Martin Stabrey 1 Reputation point

2021-10-22T13:03:16.207+00:00

Hi. Out if interest, what is blazor webassembly/wwwroot

Mart

Yijing Sun-MSFT 7,066 Reputation points

2021-10-25T07:21:00.417+00:00

Hi @Martin Stabrey ,
Do you have solved the problem of ipsecurity? If you have the new problem,you could post a new thread. It will make more community experts to find your problems.
Best regards,
Yijing Sun
Sign in to comment