IP Address and Domain Restrictions - allow restriction rule

Question

Monday, May 4, 2020 2:09 PM

In IIS 10 ('IP Address and Domain Restrictions' feature), I am trying to add an allow restriction rule for a range of IP addresses. For example, if I wanted to allow access to 159.247.25.*, how would I enter it in the allow restriction rule? It requires an IP address and subnet mask.

All replies (1)

Tuesday, May 5, 2020 2:37 AM

Hi,

The subnet mask is used by the TCP/IP protocol to determine whether a host is on the local subnet or on a remote network. In TCP/IP, the parts of the IP address that are used as the network and host addresses are not fixed, so the network and host addresses above cannot be determined unless you have more information. This information is supplied in another 32-bit number called a subnet mask.

You can get more detail about the subnet mask from the link below:

https://support.microsoft.com/en-us/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics

To create a rule for a range of IP addresses, select the IP address range, and enter the subnet and subnet mask in the provided textboxes. For example, to permit access to all IP addresses in the range from 192.168.8.0 to 192.168.8.8, enter the subnet as 192.168.8.0 and the subnet mask as 255.0.0.0.

To calculate the subnet mask, you could use the online subnet mask calculator; it is easy to use and gives the exact value:

https://www.subnetonline.com/pages/subnet-calculators/subnetmask-calculator.php

If you are not familiar with the subnet mask and its configuration, you could use an IIS URL Rewrite rule by following the steps below:

1) First, download and install the IIS URL Rewrite extension from the link below:

https://www.iis.net/downloads/microsoft/url-rewrite

2) Open IIS Manager and select your site.

3) From the pane, double-click the URL Rewrite icon.

4) On the URL Rewrite pane, in the Actions section in the upper right corner, click Add Rule(s) to create the first rule (i.e. to allow internal access).

5) Add the blank rule as shown below:

6) Now click Apply, go back, and click Add Rule.

7) Click the Request Blocking rule:

8) In the Add Request Blocking Rule dialog, select IP Address from the Block access based on dropdown

Select Matches the Pattern from the Block request that dropdown

Enter the first internal Pattern (IP Address) to allow, using " * " (asterisk) to enable a wildcard

Select Wildcards from the Using dropdown, if enabling wildcards

Click OK

Click OK and refresh your site.

Your rule will look like the following in the web.config file:

<!-- Allow rule: listed clients match here and rule processing stops, so the blocking rule below is never reached for them -->
<rule name="Allow rule" patternSyntax="Wildcard" stopProcessing="true">
    <match url="*" />
    <!-- MatchAny: a client has to match only one pattern; the default, MatchAll, would require all three at once -->
    <conditions logicalGrouping="MatchAny">
        <add input="{REMOTE_ADDR}" pattern="159.247.25.*" />
        <add input="{REMOTE_ADDR}" pattern="10.1.*.*" />
        <add input="{REMOTE_ADDR}" pattern="127.0.0.1" />
    </conditions>
    <action type="None" />
</rule>
<!-- Every other client address receives a 403 response -->
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
    <match url="*" />
    <conditions>
        <add input="{REMOTE_ADDR}" pattern="*" />
    </conditions>
    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>

Reference link:

https://serverfault.com/questions/435690/iis7-ban-ip-range/435695

/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831785(v=ws.11)

Regards,

Jalpa
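
Added example, not part of the original reply: a small Python helper that turns a trailing-wildcard pattern such as 159.247.25.* into the IP address and subnet mask pair the allow-rule dialog asks for, and reports which addresses a given pair admits so the rule can be checked before it is saved. The function names are hypothetical, and it assumes standard subnet matching, where a client is admitted when its address ANDed with the mask equals the rule address ANDed with the mask.

```python
import ipaddress

def wildcard_to_rule(pattern):
    """Map a trailing-wildcard pattern such as '159.247.25.*' to the
    (IP address, subnet mask) pair that the allow-rule dialog asks for."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed = [o for o in octets if o != "*"]
    # Only trailing wildcards correspond to one contiguous subnet mask.
    if octets[:len(fixed)] != fixed:
        raise ValueError(f"wildcards must be trailing: {pattern!r}")
    padded = ".".join(fixed + ["0"] * (4 - len(fixed)))
    net = ipaddress.ip_network(f"{padded}/{8 * len(fixed)}")
    return str(net.network_address), str(net.netmask)

def admitted_range(ip, mask):
    """First address, last address and size of the block a rule admits,
    assuming (client & mask) == (ip & mask) matching."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

def rules_for_range(first, last):
    """Fewest (IP address, subnet mask) rules covering first..last exactly."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [(str(n.network_address), str(n.netmask)) for n in nets]

if __name__ == "__main__":
    # Values taken from the question and the reply on this page.
    print(wildcard_to_rule("159.247.25.*"))
    print(admitted_range("159.247.25.0", "255.255.255.0"))
    print(admitted_range("192.168.8.0", "255.0.0.0"))
    print(rules_for_range("192.168.8.0", "192.168.8.8"))
```
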