Web.config ipSecurity
The web.config file can be used to restrict website access by client IP address. It can restrict access to a single page, a directory and all of its subdirectories, or the entire web site. You can block all IP addresses and let only a few trusted IP addresses in, or you can allow everyone and block specific IP addresses or subnets.
While some web.config sections require that the containing directory is set as an application, this isn't one of them. A simple web.config with an ipSecurity section may be placed in any directory, and the directory does NOT need to be set as an application.
Purpose
IP address restrictions limit access based on the IP address of the client computer. They can protect specific directories or the entire web site. They can be applied in two ways: allow everyone and block the listed addresses, or block everyone and allow only the listed addresses.
How it's done
Example IP address restrictions. Comments are enclosed in <!-- --> and are not required.
<security>
  <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
    <clear/>    <!-- removes all upstream restrictions -->
    <add ipAddress="83.116.19.53"/>    <!-- blocks the specific IP of 83.116.19.53 -->
    <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>    <!-- blocks network 83.116.119.0 to 83.116.119.255 -->
    <add ipAddress="83.116.0.0" subnetMask="255.255.0.0"/>    <!-- blocks network 83.116.0.0 to 83.116.255.255 -->
    <add ipAddress="83.0.0.0" subnetMask="255.0.0.0"/>    <!-- blocks entire /8 network of 83.0.0.0 to 83.255.255.255 -->
  </ipSecurity>
</security>
<security>
  <ipSecurity allowUnlisted="false">    <!-- this line blocks everybody, except those listed below -->
    <clear/>    <!-- removes all upstream restrictions -->
    <add ipAddress="127.0.0.1" allowed="true"/>    <!-- allow requests from the local machine -->
    <add ipAddress="83.116.19.53" allowed="true"/>    <!-- allow the specific IP of 83.116.19.53 -->
    <add ipAddress="83.116.119.0" subnetMask="255.255.255.0" allowed="true"/>    <!-- allow network 83.116.119.0 to 83.116.119.255 -->
    <add ipAddress="83.116.0.0" subnetMask="255.255.0.0" allowed="true"/>    <!-- allow network 83.116.0.0 to 83.116.255.255 -->
    <add ipAddress="83.0.0.0" subnetMask="255.0.0.0" allowed="true"/>    <!-- allow entire /8 network of 83.0.0.0 to 83.255.255.255 -->
  </ipSecurity>
</security>
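The following audit helper is an added example, not part of the original page or of IIS. It parses an ipSecurity section, reports what a given client IP would get, and lists entries already covered by a broader entry. The function names are hypothetical, only IPv4 entries are handled, and no precedence between overlapping allow and deny entries is assumed: those are reported as a conflict for manual review.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the page's allow-list example wrapped in a full web.config.
SAMPLE = """<configuration><system.webServer><security>
<ipSecurity allowUnlisted="false">
  <clear/>
  <add ipAddress="127.0.0.1" allowed="true"/>
  <add ipAddress="83.116.19.53" allowed="true"/>
  <add ipAddress="83.116.119.0" subnetMask="255.255.255.0" allowed="true"/>
  <add ipAddress="83.116.0.0" subnetMask="255.255.0.0" allowed="true"/>
  <add ipAddress="83.0.0.0" subnetMask="255.0.0.0" allowed="true"/>
</ipSecurity></security></system.webServer></configuration>"""

def load_rules(xml_text):
    """Return (allow_unlisted, [(network, allowed), ...]) for the ipSecurity section."""
    sec = ET.fromstring(xml_text).find(".//ipSecurity")
    allow_unlisted = sec.get("allowUnlisted", "true").lower() == "true"
    rules = []
    for add in sec.findall("add"):
        # No subnetMask means a single host; no allowed attribute means deny (IPv4 only).
        mask = add.get("subnetMask", "255.255.255.255")
        net = ipaddress.ip_network(f"{add.get('ipAddress')}/{mask}", strict=False)
        rules.append((net, add.get("allowed", "false").lower() == "true"))
    return allow_unlisted, rules

def decide(xml_text, client_ip):
    """Return 'allow', 'deny', or 'conflict' when matching entries disagree."""
    allow_unlisted, rules = load_rules(xml_text)
    ip = ipaddress.ip_address(client_ip)
    verdicts = {allowed for net, allowed in rules if ip in net}
    if len(verdicts) > 1:
        return "conflict"  # precedence is not modelled here; review by hand
    if verdicts:
        return "allow" if verdicts.pop() else "deny"
    return "allow" if allow_unlisted else "deny"

def redundant_entries(xml_text):
    """List (narrow, broad) pairs where an entry is covered by a broader one with the same action."""
    _, rules = load_rules(xml_text)
    return [(str(a), str(b)) for a, act_a in rules for b, act_b in rules
            if a != b and act_a == act_b and a.subnet_of(b)]

if __name__ == "__main__":
    for ip in ("83.116.19.53", "83.200.1.1", "10.0.0.5"):
        print(ip, decide(SAMPLE, ip))
    for narrow, broad in redundant_entries(SAMPLE):
        print(f"{narrow} is already covered by {broad}")
```

Run against the allow-list example, it shows that the /8 entry already admits every address the narrower entries name, so a list meant to admit only a few trusted hosts should not carry the broad entry alongside them.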
Using IP Address Restrictions
Detailed web.config content
<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
        <clear/>    <!-- removes all upstream restrictions -->
        <add ipAddress="83.116.19.53"/>    <!-- block one IP -->
        <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>    <!-- block network 83.116.119.0 to 83.116.119.255 -->
      </ipSecurity>
    </security>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

<?xml version="1.0"?>
<configuration>
  <system.web>
    .. existing text ..
    .. existing text ..
  </system.web>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
        <clear/>    <!-- removes all upstream restrictions -->
        <add ipAddress="83.116.19.53"/>    <!-- block one IP -->
        <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>    <!-- block network 83.116.119.0 to 83.116.119.255 -->
      </ipSecurity>
    </security>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>