Configuring IP address and domain name restrictions in Internet Information Services (IIS) allows you to permit or deny access to the web server, web sites, folders, or files. Rules can be configured for remote IP addresses or based on the Domain name.
When a remote client that is not permitted access requests a resource, a 403.6 (“Forbidden: IP address of the client has been rejected”) or 403.8 (“DNS name of the client is rejected”) HTTP status will be logged by Internet Information Services (IIS).
IP and Domain Restrictions option is not enabled by default when you install Internet Information Services (IIS). You can enable IP and Domain Restrictions option by adding the above Role Service as shown below.
1) Open the Server Manager by selecting the path Start > Administrative Tools > Server Manager.
2) Click "Add Role Services" link to add the required Role. Check the "IP and Domain Restrictions" check box in "Select Role Services" screen and click "Next" to continue.
3) Click "Install" in the "Confirm Installation Selections" screen, to add the "IP and Domain Restrictions" Role Service.
4) Click Close in the installation results to close the "Add Role Services" wizard.
5) After adding the "IP and Domain Restrictions" Role Service, you can configure IP and Domain Restrictions by opening the Internet Information Services (IIS) Manager and selecting IPv4 Address and Domain Restrictions, as shown below.
6) Inside IPv4 Addresses and Domain Restrictions, select "Add Allow Entry" or "Add Deny Entry" to add Allow or Deny entries.
7) The "Add Allow Entry" and "Add Deny Entry" dialog box is shown below.
You can specify and IP address, an IP address range or a Domain Name in above dialog boxes. Please note that configuring Allow or Deny restrictions using Domain name require reverse DNS look up every time a request arrives the server. Performing reverse DNS lookups is a potentially expensive operation that can severely degrade the performance of your IIS server.