IIS 10 "Enable Logging Only Mode" in Dynamic IP Restrictions Settings page

Question

Hello,

We would like to review the dynamic IP restriction settings before implementing it. I came across Enable Logging only mode in dynamic IP restrictions settings.

Does enabling it only will give me logs or do i still need to check "Deny IP address based on the number of concurrent requests" or the other option?

Answer 1

Hi @Kevin Virani ,

If enable restriction without enable logging only mode, you could see the 403.502/403.501 in IIS log. However, if you enabled the logging only mode, then the IIS will not deny the request any more. It will only log the request status as 200 and substatus code 501 or 502. So log only means log the request which should be blocked as 200.502 and not return any error message.

So if you need to get the blocked IP, you only need to go to IIS log and find the log entry with 501 or 502 substatus code.

  #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken  
( log for normal dynamic restriction)  
    2018-01-08 04:30:34 192.168.2.50 GET / - 80 - 192.168.2.50 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/8.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) - 403 501 0 15  
( log entry for log only mode)  
    2018-01-08 05:37:11 192.168.2.50 GET /a.aspx - 80 - 192.168.2.50 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/8.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) - 200 502 0 0  

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Bruce Zhang