How to block IP addresses on IIS 7.0


Are you a webmaster trying to stop certain IP addresses from abusing your websites? You can block a single IP address or a range of IP addresses from accessing your websites by blocking them in IIS 7.0. Read on to find out how to block a range of IP addresses through IIS.

Today I found our websites were loading very slowly and sometimes even timing out. I spent some time going through the logs and finally figured out that some automated bots were accessing certain non-existent URLs at very high frequency. We use "index.aspx" as our default file, but they were accessing the URLs aindex.aspx, bindex.aspx, cindex.aspx... zindex.aspx and so on.

I have no idea what their intentions are, but this definitely slowed down our server. When a page that does not exist is accessed, we go through some logging process (which we can optionally disable) which further slows down the server.

Luckily, all these requests were coming from the same IP address. That made it a bit easier to deal with. All I had to do was block access from that IP address to our website.

If you would like to know how to block certain IP addresses from accessing your website and web services, follow the steps below.

How to block specific IP addresses or a range of IP addresses from accessing your website



If you are using IIS 7.0, you can easily block any IP address from accessing your website. To do this, you must have the "IP and Domain Restrictions" role service installed on your server.

Install IP and Domain Restrictions Server Role

To install this role, follow the steps below:

1. Go to "Control panel"

2. Open "Administrative tools"

3. Open "Server Manager"

4. Click on "Roles"

5. On the right panel, click on "Add Role Services"

6. Expand "Web Server" and below that expand "Security"

7. Select/check "IP and Domain Restrictions"



8. Click "Next"

Let the wizard complete and finish adding the service. Now open IIS Manager. You will see an entry called "IP Address and Domain Restrictions".



If you already have IIS Manager open, you may need to close and reopen it to see the new entry.

Block IP Address in IIS 7.0

Double-click the "IP Address and Domain Restrictions" icon in IIS Manager. (If the IP Address and Domain Restrictions icon is missing, carefully follow the steps above to add this role to IIS.)

When you double-click and open the IP address block feature, you will see the right pane with any IP addresses already filtered. If no IP addresses are filtered yet, you will see a blank screen on the right side.

Look at the panel on the right. You will see 2 entries:

Add Allow Entry
Add Deny Entry

Since we want to block an IP address, choose "Add Deny Entry". In the popup dialog box, enter the specific IP address you want to block from accessing your websites on IIS 7.0.

If you want to block a range of IP addresses, choose the appropriate option in the popup dialog and then specify the range with the appropriate mask.

I just tried to block my own IP address to see what happens. This is what I got:

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.


I did it just to confirm I could successfully block the bot that was trying to access our URLs too frequently. After I blocked the IP address, my logs confirmed the activity from that IP address stopped.
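The log review that led to the block, and a check of whether an address falls inside a deny entry entered as address plus mask, can be scripted. This is an added example, not part of the original article; the log lines are constructed, the field list is one possible IIS W3C layout, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2011-12-01 10:00:01 GET /index.aspx 198.51.100.7 200
2011-12-01 10:00:01 GET /aindex.aspx 203.0.113.45 404
2011-12-01 10:00:01 GET /bindex.aspx 203.0.113.45 404
2011-12-01 10:00:02 GET /cindex.aspx 203.0.113.45 404
2011-12-01 10:00:02 GET /missing.aspx 198.51.100.7 404
2011-12-01 10:00:03 GET /zindex.aspx 203.0.113.45 404
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the column layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed lines
                yield dict(zip(fields, values))

def noisy_404_clients(text, threshold):
    """Return {client IP: 404 count} for clients at or above the threshold."""
    counts = Counter(r["c-ip"] for r in parse_w3c(text)
                     if r.get("sc-status") == "404")
    return {ip: n for ip, n in counts.items() if n >= threshold}

def covered_by_deny(ip, deny_address, mask="255.255.255.255"):
    """True if ip falls inside a deny entry given as address plus mask."""
    network = ipaddress.ip_network(f"{deny_address}/{mask}", strict=False)
    return ipaddress.ip_address(ip) in network

if __name__ == "__main__":
    for ip, n in noisy_404_clients(SAMPLE_LOG, threshold=3).items():
        print(f"{ip}: {n} requests for missing pages")
```

Running `covered_by_deny` against your own address before adding a range entry shows whether the mask is wider than intended.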


Article by Tony John
Tony John is a professional blogger from India, who started his first Weblog in 1998 at Tripod.com. Tony switched to blogging as a passion blended business in the year 2000 and currently operates several popular web properties including IndiaStudyChannel.com, Techulator.com, dotnetspider.com and many more.


Comments

Author: tammy roy | 07 Dec 2011 | Member Level: Bronze | Points: 0

Mr. Tony John, great knowledge you shared with us.


