0

Windows Server 2019 with IIS 10.

I'm trying to configure a list of "deny IP" entries in the IIS web.config (see below), but the IPs are not blocked. At the same time if we enter the same IPs manually, via the IIS Manager (IP Address and Domain Restriction feature), the IPs get blocked as expected.

The web.config is in the default location (the root folder for the Default Web Site) and is reduced to the very minimum, just to troubleshoot a single IP (expecting 69.122.29.94 to be blocked):

C:\inetpub\wwwroot\web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <location path="Default Web Site">
        <system.webServer>
            <security>
                <ipSecurity allowUnlisted="true">
                    <add ipAddress="69.122.29.94" subnetMask="255.255.255.255" allowed="false" />
                </ipSecurity>
            </security>
        </system.webServer>
    </location>
</configuration>

I cannot figure out what can be wrong? Thanks..

AKha
  • 1
  • Then can you enable FRT https://learn.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshoot-with-failed-request-tracing and also use a tool like Wireshark to confirm the packets are not blocked? – Lex Li Jan 24 '23 at 16:26
  • @LexLi I don't need to debug code or data requests, I know IIS Manges config works while web.config does not, so it must be some configuration, not a problem with a handler. In your answer (now deleted) you suggested to use `%windir%\system32\inetsrv\config\applicationhost.config` - can you explain why (or why not to use web.config) and provide some references? Thanks.. – AKha Jan 24 '23 at 18:12

0 Answers0