IIS7 web.config rewrites to restrict access for IP range - can't get it to work?

Question

I'm simply adding to a set of rules on existing rewrite rules for our company website. We have a file that we need to restrict to only our internal IP addresses. The URL is http://oursite.com/internal/index.aspx?u=blahblah and need it restricted to IP ranges 10.1.X.X. I'm adding this and it's not doing anything. Even if I tried to capture all using .* for the pattern, it still ignores it. Is my syntax correct? Thanks.

<rewrite>
    <rules>
    ...
        <rule name="Restrict URL" enabled="true" stopProcessing="true">
             <match url="internal/index\.aspx" />
             <conditions>
                  <add input="{REMOTE_ADDR}" pattern="^10\.1\.\d+\.\d+$" negate="true" />
             </conditions>
             <action type="AbortRequest" />
        </rule>
    </rules>
</rewrite>

score 2 · Accepted Answer · answered Mar 21 '11 at 17:37

2

I resolved this myself. I ended up using HTTP_X_FORWARDED_FOR as the header, due to our hosting provider.

answered Mar 21 '11 at 17:37

Ryan Peters

7,608
8
41
57

IIS7 web.config rewrites to restrict access for IP range - can't get it to work?

1 Answers1