Export (0) Print
Expand All
2 out of 17 rated this helpful - Rate this topic

IP Address and Domain Restrictions

Published: February 29, 2012

Updated: February 29, 2012

Applies To: Windows Server 2012, Windows Server 2012 R2



Use the IP Address and Domain Restrictions feature page to define and manage rules that allow or deny access to content for a specific IP address, a range of IP addresses, or a domain name or names.

Sort the list by clicking one of the column headings on the feature page, or select a value from the Group by drop-down list to group similar items.

Related scenarios

In this document

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

 

Element Name Description

Mode

Displays the type of rule. Values are either Allow or Deny. The Mode value indicates whether the rule is designed to allow or deny access to content.

Requester

Displays a specific IP address, range of IP addresses, or domain name that is defined in the Add Allow Restriction Rule and Add Deny Restriction Rule dialog boxes. You can specifically allow or deny a requester access to content.

Entry Type

Displays whether the item is local or inherited. Local items are read from the current configuration file, and inherited items are read from a parent configuration file.

 

Element Name Description

Add Allow Entry

Opens the Add Allow Restriction Rule dialog box from which you can define rules that allow access to content for a specific IP address, a range of IP addresses, or a DNS domain name.

Add Deny Entry

Opens the Add Deny Restriction Rule dialog box from which you can define rules that allow access to content for a specific IP address, a range of IP addresses, or a DNS domain name.

Remove

Removes the item that is selected from the list on the feature page.

Edit Feature Settings

Opens the Edit IP and Domain Restrictions Settings dialog box from which you can configure settings that apply to the entire IP and domain name restrictions feature.

Revert to Inherited

Reverts the feature to inherit settings from the parent configuration. This action deletes local configuration settings, including items from the list, for this feature. This action is not available at the server level.

View Ordered List

Displays the list in order of configuration. When you select the ordered list format, you can only move items up and down in the list. Other actions in the Actions pane do not appear until you select the unordered list format.

Move Up

Moves up a selected item in the list. This action is available only when viewing items in the ordered list format.

noteNote
When items in the list are reordered at a child level, the child no longer inherits settings from the parent level. This loss of inheritance includes any items that are added to or removed from the list at the parent level. If you want to inherit settings from a parent level, revert all of the changes at the child level by using the Revert to Inherited action in the Actions pane.

Move Down

Moves a selected item down in the list. This action is available only when viewing items in the ordered list format.

noteNote
When items in the list are reordered at a child level, the child no longer inherits settings from the parent level. This loss of inheritance includes any items that are added to or removed from the list at the parent level. If you want to inherit settings from a parent level, revert all of the changes at the child level by using the Revert to Inherited action in the Actions pane.

View Unordered List

Displays the list in an unordered format. When you select the unordered list format, you can sort and group items in the list, and perform actions in the Actions pane.

Edit Dynamic Restriction Settings

Displays the Dynamic IP Restriction Setting dialog box from which you can restrict IP addresses that have too many concurrent requests or too many requests for a given time period.

Use either the Add Allow Restriction Rule or the Add Deny Restriction Rule dialog box to define rules that allow or deny access to content for a specific IP address, a range of IP addresses, or a DNS domain name.

 

Element Name Description

Specific IP Address

Add Allow Restriction Rule - Type an IP address in the Specific IP Address box in the Add Allow Restriction Rule dialog box when you want to allow access to content for a specific IP address.

Add Deny Restriction Rule - Type an IP Address in the Specific IP Address box in the Add Deny Restriction Rule dialog box when you want to deny access to content for a specific IP address.

IP address range

Add Allow Restriction Rule - Type the lowest value of the range of IP addresses that you have chosen to use in the IP Address range box in the Add Allow Restriction Rule dialog box. Do this action when you want to allow access to content for a range of IP addresses. Next, enter the subnet mask.

Add Deny Restriction Rule - Type the lowest value of the range of IP addresses that you have chosen to use in the IP address range box in the Add Deny Restriction Rule dialog box. Do this action when you want to deny access to content for a range of IP address. Next, enter the subnet mask.

Mask

Add Allow Restriction Rule - Type a subnet mask in the Mask box in the Add Allow Restriction Rule dialog box. Do this action when you want to allow access to content for a range of IP address. When IIS evaluates this subnet mask with the IP address entered in the IP address range box, the upper and lower boundaries of an IP address space are defined.

Add Deny Restriction Rule - Type the subnet mask associated with the range of IP addresses in the Mask box in the Add Deny Restriction Rule dialog box. Do this action when you want to deny access to content for a range of IP address.When IIS evaluates this subnet mask with the IP address entered in the IP address range box, the upper and lower boundaries of an IP address space are defined.

Domain name

Add Allow Restriction Rule - Type a fully qualified DNS domain name in the Domain name box in the Add Allow Restriction Rule dialog box when you want to allow access to content for a DNS domain.

Add Deny Restriction Rule - Type a fully qualified DNS domain name in the Domain name box in the Add Deny Restriction Rule dialog box when you want to deny access to content for a DNS domain.

To see the Domain name option, first enable domain name restrictions, using Edit Feature Settings.

Use the Edit IP and Domain Restrictions dialog box to define access restrictions for unspecified clients or to enable domain name restrictions for all rules.

 

Element Name Description

Access for unspecified clients

Defines access restrictions for unspecified clients. This setting defines whether to allow or deny access to clients not specified by any other rule.

Enable domain name restrictions

Enables rules that restrict access by domain name. This rule significantly affects server performance because it requires a DNS lookup for every request.

Enable Proxy Mode

Enables requests to come through a proxy server.

Deny Action Type

Selects the type of action to be taken when a request is denied. The following list shows the available actions:

  • Unauthorized

  • Forbidden

  • Not Found

  • Abort

Use the Dynamic IP Restriction Settings dialog box to restrict IP addresses that have too many concurrent requests or too many requests for a given time period.

 

Element Name Description

Deny IP Address based on the number of concurrent requests

Denies requests from an IP address when the number of concurrent requests exceeds the specified Maximum number of concurrent requests.

Deny IP based on the number of requests over a period of time

Denies requests from an IP address when the number of requests exceeds the specified Maximum number of requests for a given Time Period (in milliseconds).

Enable Logging Only Mode

Specifies that if one of the previous rules is exceeded the event is logged and the request is allowed rather than denied.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.