Blocking IP ranges
I have a list of ranges I need allowed.
http://nzip.meta.net.nz/files/nzip/nzsubnets.txt
Is there an easy way to only allow these ranges in IIS? It can be done in
Apache using the allow/deny, but there doesn't seem to be an easy way to do
it in IIS.
Thanks
Re: Blocking IP ranges
Yes
there is an option to Allow all addresses except <list of IPs or subnets>
and an option to Deny all addresses except <list of IPs or subnets>
If you want to configure this in the GUI then IIS Manager -> right-click on
the website/application/folder/file you wish to protect -> Directory
Security Tab -> IP address and Domain Name restrictions -> select "By
default all computers will be denied access except..." and enter your list
of IP address and/or IP networks.
You can also do this from the command line if you wish.
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
"infused" <infused [at] infused.com> wrote in message
news:ugy%23S31KIHA.5980 [at] TK2MSFTNGP04.phx.gbl...
>I have a list of ranges I need allowed.
>
> http://nzip.meta.net.nz/files/nzip/nzsubnets.txt
>
> Is there an easy way to only allow these ranges in IIS? It can be done in
> Apache using the allow/deny, but there doesn't seem to be an easy way to
> do it in IIS.
>
> Thanks
Re: Blocking IP ranges
Hi Ken,
Yep, I know how to do it from the gui... only there are about 300 entries.
Is there a way i can import these from a file?
Thanks
"Ken Schaefer" <kenREMOVE [at] THISadOpenStatic.com> wrote in message
news:OTjejB2KIHA.4752 [at] TK2MSFTNGP05.phx.gbl...
> Yes
>
> there is an option to Allow all addresses except <list of IPs or subnets>
> and an option to Deny all addresses except <list of IPs or subnets>
>
> If you want to configure this in the GUI then IIS Manager -> right-click
> on the website/application/folder/file you wish to protect -> Directory
> Security Tab -> IP address and Domain Name restrictions -> select "By
> default all computers will be denied access except..." and enter your list
> of IP address and/or IP networks.
>
> You can also do this from the command line if you wish.
>
> Cheers
> Ken
>
> --
> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>
>
> "infused" <infused [at] infused.com> wrote in message
> news:ugy%23S31KIHA.5980 [at] TK2MSFTNGP04.phx.gbl...
>>I have a list of ranges I need allowed.
>>
>> http://nzip.meta.net.nz/files/nzip/nzsubnets.txt
>>
>> Is there an easy way to only allow these ranges in IIS? It can be done in
>> Apache using the allow/deny, but there doesn't seem to be an easy way to
>> do it in IIS.
>>
>> Thanks
>
Re: Blocking IP ranges
There are many ways you can import this from a file. Both ADSI IIS interface
and WMI can be used if you wish to write a script.
Alternatively, you can simply use a batch file to call adsutil.vbs to update
the metabase appropriately
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
"infused" <infused [at] infused.com> wrote in message
news:ujk$uf2KIHA.3516 [at] TK2MSFTNGP02.phx.gbl...
> Hi Ken,
>
> Yep, I know how to do it from the gui... only there are about 300 entries.
> Is there a way i can import these from a file?
>
> Thanks
>
> "Ken Schaefer" <kenREMOVE [at] THISadOpenStatic.com> wrote in message
> news:OTjejB2KIHA.4752 [at] TK2MSFTNGP05.phx.gbl...
>> Yes
>>
>> there is an option to Allow all addresses except <list of IPs or subnets>
>> and an option to Deny all addresses except <list of IPs or subnets>
>>
>> If you want to configure this in the GUI then IIS Manager -> right-click
>> on the website/application/folder/file you wish to protect -> Directory
>> Security Tab -> IP address and Domain Name restrictions -> select "By
>> default all computers will be denied access except..." and enter your
>> list of IP address and/or IP networks.
>>
>> You can also do this from the command line if you wish.
>>
>> Cheers
>> Ken
>>
>> --
>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>
>>
>> "infused" <infused [at] infused.com> wrote in message
>> news:ugy%23S31KIHA.5980 [at] TK2MSFTNGP04.phx.gbl...
>>>I have a list of ranges I need allowed.
>>>
>>> http://nzip.meta.net.nz/files/nzip/nzsubnets.txt
>>>
>>> Is there an easy way to only allow these ranges in IIS? It can be done
>>> in Apache using the allow/deny, but there doesn't seem to be an easy way
>>> to do it in IIS.
>>>
>>> Thanks
>>
>
Re: Blocking IP ranges
Hi Ken,
I've tried to find an examle of the sort of command one would run but don't
seem to be having much luck. Is it possible to provide me with a quick
example?
Thanks
"Ken Schaefer" <kenREMOVE [at] THISadOpenStatic.com> wrote in message
news:eWp5Hy2KIHA.3848 [at] TK2MSFTNGP05.phx.gbl...
> There are many ways you can import this from a file. Both ADSI IIS
> interface and WMI can be used if you wish to write a script.
>
> Alternatively, you can simply use a batch file to call adsutil.vbs to
> update the metabase appropriately
>
> Cheers
> Ken
>
> --
> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>
>
> "infused" <infused [at] infused.com> wrote in message
> news:ujk$uf2KIHA.3516 [at] TK2MSFTNGP02.phx.gbl...
>> Hi Ken,
>>
>> Yep, I know how to do it from the gui... only there are about 300
>> entries. Is there a way i can import these from a file?
>>
>> Thanks
>>
>> "Ken Schaefer" <kenREMOVE [at] THISadOpenStatic.com> wrote in message
>> news:OTjejB2KIHA.4752 [at] TK2MSFTNGP05.phx.gbl...
>>> Yes
>>>
>>> there is an option to Allow all addresses except <list of IPs or
>>> subnets> and an option to Deny all addresses except <list of IPs or
>>> subnets>
>>>
>>> If you want to configure this in the GUI then IIS Manager -> right-click
>>> on the website/application/folder/file you wish to protect -> Directory
>>> Security Tab -> IP address and Domain Name restrictions -> select "By
>>> default all computers will be denied access except..." and enter your
>>> list of IP address and/or IP networks.
>>>
>>> You can also do this from the command line if you wish.
>>>
>>> Cheers
>>> Ken
>>>
>>> --
>>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>>
>>>
>>> "infused" <infused [at] infused.com> wrote in message
>>> news:ugy%23S31KIHA.5980 [at] TK2MSFTNGP04.phx.gbl...
>>>>I have a list of ranges I need allowed.
>>>>
>>>> http://nzip.meta.net.nz/files/nzip/nzsubnets.txt
>>>>
>>>> Is there an easy way to only allow these ranges in IIS? It can be done
>>>> in Apache using the allow/deny, but there doesn't seem to be an easy
>>>> way to do it in IIS.
>>>>
>>>> Thanks
>>>
>>
>
