Configuring IP address and Domain Name Restrictions in Internet Information Services (IIS) 7

Configuring IP address and domain name restrictions in Internet Information Services (IIS) allows you to permit or deny access to the web server, web sites, folders, or files. Rules can be configured for remote IP addresses or based on the Domain name.

When a remote client that is not permitted access requests a resource, a 403.6 (“Forbidden: IP address of the client has been rejected”) or 403.8 (“DNS name of the client is rejected”) HTTP status will be logged by Internet Information Services (IIS).

IP and Domain Restrictions option is not enabled by default when you install Internet Information Services (IIS). You can enable IP and Domain Restrictions option by adding the above Role Service as shown below.

1) Open the Server Manager by selecting the path Start > Administrative Tools > Server Manager.

Server  Manager Web Server Add Remove Role Services


2) Click "Add Role Services" link to add the required Role. Check the "IP and Domain Restrictions" check box in "Select Role Services" screen and click "Next" to continue.


Add Role Service IP and Domain Restrictions


3) Click "Install" in the "Confirm Installation Selections" screen, to add the "IP and Domain Restrictions" Role Service.


Add Role Services Confirm Installation Selections


4) Click Close in the installation results to close the "Add Role Services" wizard.


Add role services IP and Domain Restrictions Installation Results.jpg


5) After adding the "IP and Domain Restrictions" Role Service, you can configure IP and Domain Restrictions by opening the Internet Information Services (IIS) Manager and selecting IPv4 Address and Domain Restrictions, as shown below.


IIS  Manager IPv4 Addresses and Domain Restrictions


6) Inside IPv4 Addresses and Domain Restrictions, select "Add Allow Entry" or "Add Deny Entry" to add Allow or Deny entries.


 IPv4 Addresses and Domain Restrictions


7) The "Add Allow Entry" and "Add Deny Entry" dialog box is shown below.


Add Allow Restriction Rule


Add Deny Restriction Rule

You can specify and IP address, an IP address range or a Domain Name in above dialog boxes. Please note that configuring Allow or Deny restrictions using Domain name require reverse DNS look up every time a request arrives the server. Performing reverse DNS lookups is a potentially expensive operation that can severely degrade the performance of your IIS server.

Related Tutorials