Is there any software tool for a Windows Server (with IIS installed), where I could set up "rules" to block incoming HTTP requests with suspicious behavior?
Like, say, if someone starts scanning my website for URLs like "/wp-admin/" or "/phpmyadmin/" or similar - I could block those IP addresses (permanently or temporary)?
PS. Not a CDN service like Cloudflare, need a self-hosted thingy...
PPS. All I found is "Dynamic IP Restrictions" module for IIS which blocks an IP address when it starts DDoSing the server with thousands of requests, but I wanted a more flexible solution.
There are quite a few applications that can be installed to IIS that will dynamically block traffic based upon signatures. Similar to anti-virus signatures for .dat files, IPS attack signature identification functions correspondingly.
Here is community contributed link for a local web application firewall from IIS.com http://www.iis.net/downloads/community/2010/08/threatsentry-4-iis-web-application-firewall
This application claims to have IPS qualities. http://www.kerio.com/products/kerio-control
As does this. http://www.beyondtrust.com/Products/PowerBrokerEndpointProtection/
I will say, I am not a proponent of client software based IPS. There are a multitude of reasons why. I am a proponent of IPS though, at the network layer.
I hope this was helpful.