IIS access control by IP address for specific files and folders

Question

I am pretty new to IIS and I want to secure access to a management console of a web app.

By design of application there's a virtual directory that's intended for public access, but at the same time there's a file for management console access in the same directory, so blocking access to subdirectory would not work.

Can I limit access to this file using web.config and only permit access from specific IP subnet or something similar?

PS. Also can I create web.config file for a subdirectory like we can place .htaccess file anywhere if we permit that?

I've had to do something very similar with an ASP.net web app recently of which I used the method in this KB http://support.microsoft.com/kb/316871 locking down one file using the web.config file. Hope this helps. — CharlesH, Jun 16 '14 at 14:53

score 4 · Answer 1 · answered Jun 17 '14 at 07:15

I figured it out at last. And it's awesome!

You can install IP and Domain Restrictions role service in Server Manager under

Roles → Web Server (IIS) → Role Services

After that you can browse IIS manager in Content View and permit/deny any file or directory you want for any IP address and also specify default action for unspecified hosts.

Just select the file or directory and switch back to Features View. There should be IP and Domain Restrictions icon under IIS section.

IIS access control by IP address for specific files and folders

1 Answers1