FTP IP Address and Domain Restrictions

 

Applies To: Windows Server 2012 R2, Windows Server 2012

Use the IP Address and Domain Restrictions feature page to define and manage rules that allow or deny access to content for a specific IP address, a range of IP addresses, or a domain name or names.

To configure restrictions based on domain names, first enable domain name restrictions: click Edit Feature Settings in the task list, and then select the Enable domain name restrictions option.

UI Elements for IP Address and Domain Restrictions

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Feature Page Elements

Element Name

Description

Mode

Displays the type of rule. Values are either Allow or Deny. The Mode value indicates whether the rule is designed to allow or deny access to content.

Requester

Displays a specific IP address, range of IP addresses, or domain name that is defined in the Add Allow Restriction Rule and Add Deny Restriction Rule dialog boxes. You can specifically allow or deny a requester access to content.

Actions Pane Elements

Element Name

Description

Add Allow Entry

Opens the Add Allow Restriction Rule dialog box from which you can define rules that allow access to content for a specific IP address, a range of IP addresses, or a DNS domain name.

Add Deny Entry

Opens the Add Deny Restriction Rule dialog box from which you can define rules that deny access to content for a specific IP address, a range of IP addresses, or a DNS domain name.

Remove

Removes the item that is selected from the list on the feature page.

Edit Feature Settings

Opens the Edit IP and Domain Restrictions Settings dialog box from which you can configure settings that apply to the entire IP and domain name restrictions feature.

Revert to Parent

Reverts the feature to inherit settings from the parent configuration. This action deletes local configuration settings, including items from the list, for this feature. This action is not available at the server level.

View Ordered List

Displays the list in order of configuration. When you select the ordered list format, you can only move items up and down in the list. Other actions in the Actions pane do not appear until you select the unordered list format.

Move Up

Moves up a selected item in the list. This action is available only when you view items in the ordered list format.

Note

When items in the list are reordered at a child level, the child no longer inherits settings from the parent level. This loss of inheritance includes any items that are added to or removed from the list at the parent level. If you want to inherit settings from a parent level, revert all the changes at the child level by using the Revert to Inherited action in the Actions pane.

Move Down

Moves a selected item down in the list. This action is available only when you view items in the ordered list format.

Note

When items in the list are reordered at a child level, the child no longer inherits settings from the parent level. This loss of inheritance includes any items that are added to or removed from the list at the parent level. If you want to inherit settings from a parent level, revert all the changes at the child level by using the Revert to Inherited action in the Actions pane.

View Unordered List

Displays the list in an unordered format. When you select the unordered list format, you can sort and group items in the list, and perform actions in the Actions pane.

Add Allow or Deny Restriction Rule Dialog Box

Use either the Add Allow Restriction Rule or the Add Deny Restriction Rule dialog box to define rules that allow or deny access to content for a specific IP address, a range of IP addresses, or a DNS domain name.

Element Name

Description

Specific IP Address

Add Allow Restriction Rule - Type an IP address in the Specific IP Address box in the Add Allow Restriction Rule dialog box when you want to allow access to content for a specific IP address.

Add Deny Restriction Rule - Type an IP Address in the Specific IP Address box in the Add Deny Restriction Rule dialog box when you want to deny access to content for a specific IP address.

IP address range

Add Allow Restriction Rule - To allow access to content for a range of IP addresses, type the lowest value of the range in the IP address range box in the Add Allow Restriction Rule dialog box. Next, enter the subnet mask.

Add Deny Restriction Rule - To deny access to content for a range of IP addresses, type the lowest value of the range in the IP address range box in the Add Deny Restriction Rule dialog box. Next, enter the subnet mask.

Mask

Add Allow Restriction Rule - To allow access to content for a range of IP addresses, type a subnet mask in the Mask box in the Add Allow Restriction Rule dialog box. When IIS evaluates this subnet mask with the IP address entered in the IP address range box, the upper and lower boundaries of an IP address space are defined.

Add Deny Restriction Rule - To deny access to content for a range of IP addresses, type the subnet mask associated with the range in the Mask box in the Add Deny Restriction Rule dialog box. When IIS evaluates this subnet mask with the IP address entered in the IP address range box, the upper and lower boundaries of an IP address space are defined.

Domain name

Add Allow Restriction Rule - Type a fully qualified DNS domain name in the Domain name box in the Add Allow Restriction Rule dialog box when you want to allow access to content for a DNS domain.

Add Deny Restriction Rule - Type a fully qualified DNS domain name in the Domain name box in the Add Deny Restriction Rule dialog box when you want to deny access to content for a DNS domain.

To see the Domain name option, you must first enable domain name restrictions by using Edit Feature Settings.

Edit IP and Domain Restrictions Dialog Box

Use the Edit IP and Domain Restrictions dialog box to define access restrictions for unspecified clients or to enable domain name restrictions for all rules.

Element Name

Description

Access for unspecified clients

Defines access restrictions for unspecified clients. This setting defines whether to allow or deny access to clients not specified by any other rule.

Enable domain name restrictions

Enables rules that restrict access by domain name. This setting significantly affects server performance because it requires a DNS lookup for every request.
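
The following is an added example, not part of the original documentation or of IIS: a small Python audit of a rule list that computes the upper and lower boundaries each address and mask pair defines, flags entries whose address is not the lowest value of its range, flags Allow and Deny rules whose ranges overlap (where list order matters), and reports clients that fall through to the Access for unspecified clients setting. It assumes standard bitwise-AND subnet matching, and the rule list and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample rules (mode, address, mask); not taken from any real server.
RULES = [
    ("Allow", "192.168.10.0", "255.255.255.0"),
    ("Deny", "192.168.10.128", "255.255.255.192"),
    ("Allow", "10.1.2.77", "255.255.0.0"),        # address is not the lowest value of its range
    ("Deny", "203.0.113.9", "255.255.255.255"),   # single address
]

def bounds(address, mask):
    """Return (lower, upper, aligned) for an address/mask pair (assumed bitwise-AND matching)."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    inverted = m ^ 0xFFFFFFFF
    # A valid subnet mask is contiguous: its inverse is a run of low-order 1 bits.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    lower = addr & m
    upper = lower | inverted
    return ipaddress.IPv4Address(lower), ipaddress.IPv4Address(upper), lower == addr

def audit(rules):
    """List findings: range starts that are not the lowest value, and Allow/Deny overlaps."""
    findings, spans = [], []
    for mode, address, mask in rules:
        lower, upper, aligned = bounds(address, mask)
        spans.append((mode, lower, upper))
        if not aligned:
            findings.append(f"{address}/{mask}: not the lowest address; range starts at {lower}")
    for (m1, lo1, hi1), (m2, lo2, hi2) in combinations(spans, 2):
        # Opposite modes covering the same addresses: review the ordered list.
        if m1 != m2 and lo1 <= hi2 and lo2 <= hi1:
            findings.append(f"{m1} {lo1}-{hi1} overlaps {m2} {lo2}-{hi2}")
    return findings

def is_unspecified(client, rules):
    """True when no rule covers the client, so the unspecified-clients setting decides."""
    c = ipaddress.IPv4Address(client)
    return not any(lo <= c <= hi for lo, hi, _ in (bounds(a, m) for _, a, m in rules))

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
    print("172.16.5.5 unspecified:", is_unspecified("172.16.5.5", RULES))
```

Run against an exported rule list, the overlap findings identify the entries to check in the View Ordered List view before relying on a Deny rule.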