Home / server / Questions / 293996
Accepted
marc esher
Asked: 2011-07-26 13:41:04 +0800 CST

IIS7: How to restrict virtual directory access to specific IP

  • 772

I have a site set up in IIS, and I have a virtual directory that should only be available to localhost.

In IIS6, this was trivial to set up.

However, those property sheets are gone in IIS7 and I cannot find a corresponding setting. RequestFiltering and denyURLSequence isn't right, because that doesn't have an attribute for IP, at least, not that I could find.

Thanks!

iis-7 virtual-directory

2 Answers

  1. Best Answer

    You need IIS module called "IP and Domain Restrictions" (bundled with IIS) .. or grab improved version: Dynamic IP Restrictions.

    Once installed configure to block all IPs except selected (should be no problems at all -- very easy GUI).

    • 2

  2. You can include the following code block inside your web.config file of the virtual directory to restrict access only to localhost.

    <system.webServer>
        <security>
            <ipSecurity allowUnlisted="false">
                <add ipAddress="127.0.0.1" allowed="true" />
            </ipSecurity>
        </security>
</system.webServer>

    If you already have the system.webServer block, then you need to add only the security block.

    • 0