I installed the IP and Domain Restrictions feature to IIS 8.5 (Windows Server 2012) and found out that it completely ignores Deny entries I put in for a website (by either IP Address or IP Address Range). I've tried recycling the app pool (as recommended by others), and restarting IIS. I don't wish to reboot the computer as other sites would go down, but figure IIS8.5 IP and Domain Restrictions requires a reboot. Any suggestions?
0
- Is your issue solved? If your issue is solved then I request you to mark the helpful suggestion as an answer. This will help other people who face the same issue. If your issue still exists then try to refer the solution given by the community members. – Jalpa Panchal Jul 17 '20 at 08:31
- Not yet. I'm leaning towards the DotNetCore package for IIS as the culprit (but haven't investigated thoroughly - no time to fix MSes "features"). – MC9000 Jul 18 '20 at 21:03
2 Answers
1
There is no need to restart the machine after adding an IP and domain name restriction in IIS. You could restart only the IIS site if you want to.
If you only set the allow IP address in the restriction rule, then it is not going to work. To restrict an IP, you could try the steps below:
1) Open IIS Manager and select the site.
2) Double-click on IP and Domain Name Restrictions.
3) Click on Add Deny Entry.
4) Add the IP which you want to deny and click OK to apply the setting.
Another way to block a specific IP is by using an IIS URL Rewrite rule:
<rule name="RequestBlockingRule2" patternSyntax="Wildcard" stopProcessing="true">
  <match url="*" />
  <conditions>
    <add input="{REMOTE_ADDR}" pattern="192.168.2.52" />
  </conditions>
  <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
</rule>
If it still does not work, then you could try to run Failed Request Tracing in IIS and check why the rule is not working.

Jalpa Panchal
- I have to use the rewrite rule - they worked fine in the past. The other thing is that there are no failed requests showing up - probably because it hasn't failed (though it should fail with the IP restrictions, it isn't). It could be a setting somewhere that was changed after installing DotNetCore IIS package, what it is is anyone's guess. – MC9000 Jul 18 '20 at 21:00
- Let me re-state the problem: I wish to DENY specific IP addresses. This feature DOES NOT WORK in IIS8.5. I've since moved up to IIS10 and am using an automated script to add rules directly to the firewall. – MC9000 Jun 24 '23 at 12:38
-1
You also need to set the default access to Deny:
Click on Edit Feature Settings
Set Access for unspecified clients to Deny

stevenally
- Setting default access to Deny defeats the purpose! Need to deny specific IPs as they show up in a log. All IPs should be allowed and only specifics should be denied. – MC9000 Jun 24 '23 at 12:32
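
For reference, this is the configuration that the IIS Manager steps in the first answer produce, written as an added example that is not part of either answer: a deny-list `ipSecurity` section for one site, using the 192.168.2.52 address from the first answer's rewrite rule. The site name `Example Site` and the 10.20.30.0/24 range are constructed placeholders, and placing the section in applicationHost.config under a `<location>` element assumes the section is still locked at server level, which is the IIS default.

```xml
<!-- Added example: %windir%\System32\inetsrv\config\applicationHost.config -->
<!-- "Example Site" is a placeholder site name. -->
<location path="Example Site">
  <system.webServer>
    <security>
      <!-- allowUnlisted="true" corresponds to
           "Access for unspecified clients: Allow" in Edit Feature Settings:
           every client is admitted unless an entry below denies it.
           allowUnlisted="false" turns the list into an allow-list, where
           only entries with allowed="true" are admitted. -->
      <ipSecurity allowUnlisted="true">
        <!-- Single address (the IP used in the first answer's rewrite rule). -->
        <add ipAddress="192.168.2.52" allowed="false" />
        <!-- Address range; this range is a constructed sample. -->
        <add ipAddress="10.20.30.0" subnetMask="255.255.255.0" allowed="false" />
      </ipSecurity>
    </security>
  </system.webServer>
</location>
```

If the deny entries are present in this section and requests are still served, compare the client IP recorded in the site's IIS log with the denied address, since the entries are matched against the address IIS sees for the connection.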