Add request blocking rule Dialog

  • Article

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Use the Add request blocking rule dialog box to add rules to IIS 7 that will block inbound HTTP requests based on criteria that you specify. Request blocking rules can be used as security measures, or to prevent access to URLs that may be rewritten by another rule. For example, you may add a rule that rewrites HTTP requests for https://www.contoso.com/1/ as https://www.contoso.com/page.aspx?ID=1, then add a request blocking rule that prevents access to the https://www.contoso.com/page.aspx URL.

UI Element List

The following table describes the UI elements that are available in the Add request blocking rule dialog box.

Element Name Description

Block access based on

Specifies the action type for the rule. The available actions are as follows:

  • URL Path: Specifies that the HTTP request will be blocked based on the URL.

  • User-agent Header: Specifies that the HTTP request will be blocked based on the user-agent string of the HTTP client.

  • IP Address: Specifies that the HTTP request will be blocked based on the HTTP client’s IP address.

  • Query String: Specifies that the HTTP request will be blocked based on the data that is sent in the request’s query string.

  • Referrer: Specifies that the HTTP request will be blocked based on the referring URL of the HTTP request.

  • Host Header: Specifies that the HTTP request will be blocked based on the value of the HTTP host header.

Block request that

Specifies whether HTTP requests should be blocked if they match the rule pattern, or if they do not match the pattern.

Pattern

Specifies the pattern for the rule.

Using

Specifies the pattern matching syntax for the rule. The available options are as follows:

  • Regular Expressions: Specifies that pattern-matching syntax will use regular expressions.

  • Wildcards: Specifies that pattern-matching syntax will use wildcard expressions.

How to block

Specifies the method for blocking HTTP requests for the rule. The available options are as follows:

  • Send 401 (Unauthorized) Response: Specifies that the rule will return an access denied message to the HTTP client.

  • Send 403 (Forbidden) Response: Specifies that the rule will return an access forbidden message to the HTTP client.

  • Send 404 (File Not Found) Response: Specifies that the rule will return a file not found message to the HTTP client.

  • Abort Request: Specifies that the rule will terminate the HTTP request.