1

I have a website, apps.myWebsite.com, hosted in IIS 7.5 on a Windows Server 2008 R2.

I have several application running on apps.myWebsite.com each of them with its own authentication policy. apps.myWebsite.com was not accessible from the WWW but just within the company's network.

Now I wanted to open one application, myBlog, to the WWW therefore, through my ISP, I got a public IP address and URL, myBlog.myWebsite.com and I mapped it to the internal IP address of the website.

The problem is that this way I opened all the applications in apps.myWebsite.com to the WWW. I tried the HTTP redirect from apps.myWebsite.com to myBlog but this way I cannot access the other applications internally because if I digit their URL the server always redirect to myBlog.

Taken into account that accessing from the WWW myBlog.myWebsite.com must not require authorization, how can I expose just myBlog application to the WWW?

Is it possible to redirect just the requests coming from the WWW? Thanks

CiccioMiami
  • 209
  • 1
  • 3
  • 14
  • 1
    I see 2 major solutions (depends on how your site(s) is actually set up): 1) Using **Request Filtering** module disable all IPs and only allow local IPs for your local apps. 2) Using **URL Rewrite** module create rule to redirect or respond with custom error all requests from external IPs that come to your internal apps. – LazyOne Aug 02 '11 at 23:23
  • @LazyOne, thanks for your answer. How do you use the Request Filtering? Is there any UI available? I am quite new to IIS, I read a bit of documentation about the Request Filtering and I got really confused – CiccioMiami Aug 03 '11 at 08:28
  • Sorry, I meant to say **IP Address and Domain restrictions** module, not Request Filtering (it was midnight when I was writing that comment). This module is bundled with IIS 7.x. If you do not see it in IIS Manager, then you may need to install it first: grab [improved version here](http://www.iis.net/download/DynamicIPRestrictions). After installing just exit and open IIS Manager again (if it was opened). It is easy to use -- just "Add Allow entry" or "Add Deny entry". – LazyOne Aug 03 '11 at 08:51
  • @LazyOne, thanks. No problem I understand that at midnight the brain might paly bad jokes :-D I will try to create a restriction rule and see what happens. BTW, if you would like to have the points from the answer you'd betetr fomulate it as answer instead of comment. – CiccioMiami Aug 03 '11 at 09:23

2 Answers2

2

I see 2 major solutions (depends on how your site(s) is actually set up):

  1. Using IP Address and Domain restrictions module disable all IPs and only allow local IPs for your local apps. This module is bundled with IIS 7.x. If you do not see it in IIS Manager, then you may need to install it first: grab improved version here. After installing just exit and open IIS Manager again (if it was opened). It is easy to use -- just "Add Allow entry" or "Add Deny entry" and you can configure default policy for unlisted addresses (Deny or Allow all unlisted -- via "Edit Feature Settings" option).

  2. Using URL Rewrite module create rule(s) to redirect (or respond with custom error) all requests from external IPs that come to your internal apps.

Approach #1 is more logical and therefore preferred (plus it works on lower level than URL Rewriting module).

LazyOne
  • 3,064
  • 1
  • 18
  • 16
1

Or, a different solution:

  • Add a new internal IP address to the server.

  • Forward the Internet IP address only to the new internal IP address.

  • Create a new website on the internal server, bound only to the new IP address.

  • Change the site binding for the old site(s) to use only the old IP address.

  • Move the blog site content/apps into the new site (don't colocate it with the other stuff)

Profit!

TristanK
  • 9,073
  • 2
  • 28
  • 39
  • nice solution as well but they prefer not to issue other internal IPs. Do not ask me the reason becasue I really do not know. – CiccioMiami Aug 04 '11 at 14:10