IP restrictions in Windows IIS (Internet Information Services) server

What is Internet Information Services (IIS)?

Internet Information Services, also known as IIS, is a Microsoft web server that runs on the Windows operating system and is used to exchange static and dynamic web content with internet users. IIS can be used to host, deploy, and manage web applications using technologies such as ASP.NET and PHP.

Suppose we have configured multiple virtual hosts in IIS and want one of them to be accessible only from allowed IP addresses.
To achieve this, we can configure IP restrictions at the IIS level.
In this blog, we will see how to allow or deny certain IP addresses for a virtual host.

I have taken two scenarios:
1. IIS is running on a public server.
2. IIS is running on a private AWS EC2 instance and an ALB is used to expose it publicly.

IIS running on a public server:

1. We have configured IIS on a public server and mapped it to a domain. Our website URL is uat.alamblogs.co.in.

2. Go to Server Manager and click on Add roles and features.
3. On the Roles page, expand Web Server (IIS).
4. Expand Web Server, then expand Security and select IP and Domain Restrictions. Then install it.

5. Now open Internet Information Services (IIS) Manager.
6. Click on IP Address and Domain Restrictions.

7. Click on Add Allow Entry.

8. Provide the IP address from which you want your application to be accessible.

9. Click on Edit Feature Settings.

10. Select Deny for Access for unspecified clients and click on OK.

11. Now access the website from the allowed IP and from a different network as well.
The website will be accessible from the allowed IP only. From other networks, we will get errors.

IIS is running on a private server:

1. Follow the steps given above to install the IP and Domain Restrictions feature.
2. Make sure X-Forwarded-For is enabled in the AWS ALB.
3. We need to configure X-Forwarded-For on the server as well to capture the client’s actual IP in the web server log. To configure that, go to IIS Manager.
4. Select your site in the left pane, then click on Logging.

5. Click on Select Fields.

6. Click on Add Fields.

7. Enter X-Forwarded-For in Field Name, select Request Header in Source Type, and enter X-Forwarded-For in Source. Then click on OK.

8. Click on Apply in the right pane to save it.

9. Open IP Address and Domain Restrictions for the site, click on Edit Feature Settings, and select Deny from the drop-down under Access for unspecified clients.
10. Check the box Enable Proxy Mode and click on OK.

11. Click on Add Allow Entry, select the radio button IP address range, and provide your VPC CIDR (the ALB connects to IIS from addresses inside the VPC). Then click on OK.

12. Now add the IP you want to allow, in the same way as we did for the public server.
Now verify the configuration by accessing the website.
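
The private-server steps above, scripted with the WebAdministration module as an added example that is not part of the original post. The IIS site name, VPC range and client address are constructed placeholders, and the script assumes an elevated PowerShell session on the IIS server with the IIS management scripting tools installed.

```powershell
# Added example: scripted equivalent of the IIS Manager steps for the ALB scenario.

# Assumptions (constructed values, replace with your own):
$site     = 'uat.alamblogs.co.in'   # IIS site name, assumed to match the host name
$vpcNet   = '10.0.0.0'              # VPC CIDR 10.0.0.0/16 written as network + mask
$vpcMask  = '255.255.0.0'
$clientIp = '203.0.113.10'          # client address to allow (documentation range)

$apphost = 'MACHINE/WEBROOT/APPHOST'
$ipsec   = 'system.webServer/security/ipSecurity'

# Install the "IP and Domain Restrictions" role service, then load the IIS cmdlets.
Install-WindowsFeature -Name Web-IP-Security | Out-Null
Import-Module WebAdministration

# Log the X-Forwarded-For request header so the original client IP
# appears in the site log (Logging > Select Fields > Add Field).
Add-WebConfigurationProperty -PSPath $apphost `
    -Filter "system.applicationHost/sites/site[@name='$site']/logFile/customFields" `
    -Name '.' `
    -Value @{ logFieldName = 'X-Forwarded-For'
              sourceName   = 'X-Forwarded-For'
              sourceType   = 'RequestHeader' }

# Edit Feature Settings: deny unspecified clients and enable proxy mode.
Set-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $ipsec `
    -Name 'allowUnlisted' -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $ipsec `
    -Name 'enableProxyMode' -Value $true

# Add Allow Entry: the VPC range the ALB connects from, then the client address.
Add-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $ipsec `
    -Name '.' -Value @{ ipAddress = $vpcNet; subnetMask = $vpcMask; allowed = 'true' }
Add-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $ipsec `
    -Name '.' -Value @{ ipAddress = $clientIp; allowed = 'true' }

# Print the resulting settings and entries for review.
$cfg = Get-WebConfiguration -PSPath $apphost -Location $site -Filter $ipsec
"allowUnlisted   = $($cfg.allowUnlisted)"
"enableProxyMode = $($cfg.enableProxyMode)"
$cfg.Collection | Select-Object ipAddress, subnetMask, allowed | Format-Table
```

For the public-server scenario, skip the logging and `enableProxyMode` steps and the VPC entry, and keep only `allowUnlisted` and the client allow entry.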

That’s it for this blog. Keep learning, and keep growing!!
