Is there a way in IIS 7 to restrict incoming builds so that it only deploys those coming from a certain IP address (the build controller?)
I've tried the "Management Service" Page in IIS, and while that seems to be what I want, it does not work.
Asked
Active
Viewed 269 times
0
-
What exactly did you try? What kind of requests are you referring to? – John Saunders Oct 13 '11 at 20:11
-
I added the IP address of the build controller to the IP address field in the Management Service area of IIS, but after that change builds failed to deploy. I'm referring to build requests that are made to the build controller and then deployed on the web server where IIS is installed. – dah97765 Oct 13 '11 at 20:34
-
Ok, so it's the deployment to IIS that you wish to block. How are the deployments taking place? Can you show some code or script or provide some detail about the deployments? We could presume MSDEPLOY to the Remote Agent using a Domain Account, but we could also be wrong. – John Saunders Oct 13 '11 at 21:50
1 Answers
1
Typically the deploy will be done from the Build Agent, not the Build Controller (these might not be the same machine).
Also, this access would typically be restricted via user accounts not IP's. If you only want your TFS Builds to be able to deploy, then ensure your Build Service is running using a dedicated account (e.g. MYDOMAIN\TFSBUILD) then restrict access to IIS to only that account.
Dylan Smith
- 22,069
- 2
- 47
- 62