Setting IP Address and Domain Name Restrictions

Applies To: Windows Server 2003, Windows Server 2003 with SP1

One method of protecting the Web sites and applications that are hosted on your server is to restrict access from specific IP addresses or domain names. You can explicitly grant or deny access to any combination of IP address ranges or domain names.

By restricting access to Web sites and applications by using IP address ranges or domain names, you can grant or deny access to a specific set of computers or to an organization. The restrictions that you specify affect the entire Web site or application and cannot be configured for individual portions of the Web site or application.

Restrict access to a specific Web site for a specific IP address range or domain name by completing the following steps:

  1. Specify the default access that will be given to the majority of users accessing the application by doing one of the following:

    • To allow the majority of users to access the application, enable default access.

    • To allow a limited number of users to access the application, disable default access.

  2. For each computer, or group of computers, that you want to grant or deny access, specify the IP address range or domain name for the clients that are exceptions to the default access specified in Step 1.

    Unless you are unable to identify the IP address range for the computers, you must specify the domain name. From a performance perspective, specifying the IP address range is preferred. If you specify a domain name, Domain Name System (DNS) reverse lookups must be done each time a user accesses the application and the performance of your application is degraded.

    Specify the IP address range in the form of a single IP address or a network ID with a corresponding subnet mask.

For more information about setting IP address and domain name restrictions, see Configure IP Address and Domain Name Restrictions.