question

Corobori avatar image
0 Votes"
Corobori asked Corobori edited

How to block those requests?

One of my website is being under attack. I am getting requests, as shown below, from several IPs addresses. Is there a way to block them ?

113193-block.jpg


windows-server-iis
block.jpg (266.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JasonPan-MSFT avatar image
0 Votes"
JasonPan-MSFT answered JasonPan-MSFT edited

Hi @Corobori-9276

You can configure ipv4 address restrictions for remote connections.

Official doc :

Configure IPv4 Address Restrictions for Remote Connections (IIS 7)


Configure IPv4 address restrictions to specify whether a specific IPv4 address or range of IPv4 addresses are allowed or denied permission to connect remotely to sites or applications on the Web server.



If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Best Regards,
Jason







5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Corobori avatar image
0 Votes"
Corobori answered Corobori edited

@JasonPan-MSFT Blocking at IP address level was not doable as requests were coming from varios IP address from different countries (Russia, Mexico an Brazil)

Eventually I decided to filter thru IIS using the following rule but it doesn't seem to work as expected.

When using this rule

<filteringRule name="TESTRULE" scanUrl="true" scanQueryString="true">
<appliesTo>
<clear />
</appliesTo>
<denyStrings>
<clear />
<add string="BLOCKINGWORD" />
</denyStrings>
<scanHeaders>
<clear />
</scanHeaders>
</filteringRule>


My website gives me what is shown below. I was expecting a 404 page not found, according to what I read.

113404-2021-07-09-11-10-27.jpg



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.