Is it possible to block access to a directory through the web.config in IIS (excluding a small set of IPs) but allow through one specific file for everyone.
The reason I ask, I want to block the wp-admin directory in WordPress but the admin-ajax.php does need to be externally accessible.
Thanks.
For future reference, this was the solution:
<location path="wp-admin">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<clear/>
<add ipAddress="ipaddr" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
</location>
<location path="wp-admin/admin-ajax.php">
<system.webServer>
<security>
<ipSecurity allowUnlisted="true">
</ipSecurity>
</security>
</system.webServer>
</location>
Solution noted requires ipSecurity overrideModeDefault to be set to Allow in applicationhost.config otherwise you'll receive a 500.19 - Internal Server Error with Error Code 0x80070021
<section name="ipSecurity" overrideModeDefault="Allow" />
