Josh's questions

I'm trying to implement a blacklist/blocklist of IPs in Azure App Service. I created a series of firewall rules that blocked specific IPs, I then added a rule that allowed all IPs (0.0.0.0/0) as a lower priority rule. My assumption was that the higher priority deny rule for specific IPs would block, if none of the deny rules matched than it would allow.

What I found was that all traffic was still allowed, that the deny rule was ignored. Is denying specific IPs while allowing all other traffic not possible or do I need to setup in a different way?

Also, I did try remove the Allow IPs rule, but received a 403 from an IP that wasn't being blocked.

Example of rule setup (note the IP is from a comment spammer, so don't try to resolve):

Microsoft replaced Virtual PC with Hyper-V for Windows 8. In Virtual PC I was able to shutdown the instance and lose changes form that session. This is important for testing that I can restart the VM in the original state.

When I perform either a shutdown or turnoff the VM in Hyper-V it saves the changes made while running. How do I setup a VM in Hyper-V to lose the changes on shutdown?

I would like to block a bot with IIS. With Apache you can add a command to your .htaccess file, as outlined here. How would I accomplish this with IIS 7.5?

Update

In addition to answer below, there are a total of approaches I discovered since posting this question:

1. URL Scan option listed in the accepted answer.
2. Define a Request Filtering rule (example below)
3. Define a URL Rewriting rule (example below)

Request Filter Rule

 <system.webServer>
    <security>
      <requestFiltering>
        <filteringRules>
          <filteringRule name="BlockSearchEngines" scanUrl="false" scanQueryString="false">
            <scanHeaders>
              <clear />
              <add requestHeader="User-Agent" />
            </scanHeaders>
            <appliesTo>
              <clear />
            </appliesTo>
            <denyStrings>
              <clear />
              <add string="YandexBot" />
            </denyStrings>
          </filteringRule>
        </filteringRules>
      </requestFiltering>
    </security>
    [...]
 </system.webServer>

URL Rewriting rule

<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions>
                        <add input="{HTTP_USER_AGENT}" pattern="YandexBot" />
                    </conditions>
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="Get Lost." />
                </rule>

For my last project I ended going with option 2 since it is security focused and based on the integrated URL Scan built into IIS 7.

I have a web application that has two web servers that have SMTP servers, with the following names:

• mail01.mydomain.com
• mail02.mydomain.com

I have the SPF record setup for the second level as:

v=spf1 a mx -all

With Network Solutions, you add an asterisk as a wildcard for the host to cover all hosts. Does this setup cover mail01 and mail02, or do I need an SPF record for mail01 and mail02?

Using Jeff's blog post I'm creating domain keys for my account. I wanted to verify the setup using Get or Host command with Bind for Windows but I'm lost one of the commands. I can see view the _domainkey. txt file with this command:

host -t txt _domainkey.stackoverflow.com

but I'm at a loss at how I'd find the selector record. Jeff points out it can be anything before the before the period in "._domainkey.domain.com" but how would I list all records if I didn't know the exact query name? Is there a wildcard I could use to view all TXT or all records under this section?

I want to inspect TXT records for my domain, such as SPF records. I tried the following command with nslookup but it didn't list the TXT records:

nslookup -type=TXT example.com

What is the correct command, or is there a better tool use on Windows 7?

I have a Windows 2008 server that has three IP bound to the NIC. I can select which IP Windows SMTP listens to, but I want to also set the IP address used when mail is sent. Where would I set which outbound IP to use when sending email?

Without using real IPs, here is an example what I have setup. Three IPs associated with the server: 10.0.0.1 10.0.0.2 10.0.0.3

I setup the binding on 10.0.0.2 for port 25 in the SMTP server settings, so that it is the only IP that will respond for inbound. When I look at the email header from an email sent from that server, it lists the server with an address of 10.0.0.3. I would like it to use 10.0.0.2 so that when reverse DNS is performed, it maps back correctly.

Can the SMTP Service on Windows 2003 Server be setup to work with one or more IP blacklist providers? If not, what about Windows 2003 Server in general?

How do I stop the SMTP Service on Windows 2003 (not exchange) from sending "Delivery Status Notification (Failure)" messages?

I'm trying to prevent a trick that spammers use of sending a message to a bogus user on my server's domain, with the sender's address as the Spam victim's address.

The result is that the SMTP Service will send back to the listed "sender" a "Delivery Status Notification (Failure)" message, which contains the spam message.

I use the POP3 Service that comes with Windows 2003 and that requires that I allow SMTP Anonymous Authentication. Although I've turned off relaying, I would like to do is reject any commands that would try to relay, and only allow the ones that are trying to deliver mail.