[ACCEPTED]-Best way to restrict access by IP address?-security

Accepted answer
Score: 17

One way is using a HttpModule.

From the link (in case 6 it ever goes away):

/// <summary>
/// HTTP module to restrict access by IP address
/// </summary>

public class SecurityHttpModule : IHttpModule
 public SecurityHttpModule() { }

    public void Init(HttpApplication context)
        context.BeginRequest += new EventHandler(Application_BeginRequest);

    private void Application_BeginRequest(object source, EventArgs e)
        HttpContext context = ((HttpApplication)source).Context;
        string ipAddress = context.Request.UserHostAddress;
        if (!IsValidIpAddress(ipAddress))
            context.Response.StatusCode = 403;  // (Forbidden)


    private bool IsValidIpAddress(string ipAddress)
        return (ipAddress == "");

    public void Dispose() { /* clean up */ }

Once the HTTP Module 5 class is built you need to register it in 4 the httpModules section of your web.config 3 file, like this:

            <add name="SecurityHttpModule" type="SecurityHttpModule"/>

This adds the module to 2 the ASP.NET request pipeline for your web 1 application.

Score: 9

Here is an article from Microsoft on how to do this.

Setting Folder Security by IP Address or Domain Name

Apache uses 25 the Allow and Deny directives to determine 24 the sites that can access a particular Web 23 site or folder. However, Apache provides 22 discretionary access control; you must either 21 deny all sites and provide a specific list 20 of sites or IP addresses that can access 19 a folder or allow all sites and deny only 18 those sites that you do not want to have 17 access. For example, if you use the following 16 directive, all client computers are denied 15 access unless they are recognized as part 14 of the domain.com domain:

Deny from all
Allow from .domain.com

IIS works the 13 same way. All clients are specifically denied 12 or granted access, except for those that 11 are listed.

Define Access Control for Specific Folder or Site

  • Log on to the Web server computer as an administrator.
  • Click Start, point to Settings, and then click Control Panel.
  • Double-click Administrative Tools, and then double click Internet Services Manager.
  • If you want to limit access for 10 the whole site, select the Web site from 9 the list of different served sites in the 8 left pane.

  • If you want to limit access only 7 for a specific folder, click the folder 6 you want to control.

  • Right-click the Web site or folder, and then click Properties.
  • Click the Directory Security panel.
  • If you want to limit access to a specific set of sites but deny access to all other sites, click Denied Access.
  • If you want to grant access to all clients by default but exclude a specific list of clients, click Granted Access.
  • To update the list of hosts or domains in the Except list, click Add.
  • To add a single computer to the list, click Single computer, type the IP address in the appropriate box, and then click OK.
  • To add a range of computers in a specific address range, click Group of computers, type the IP address for the network in the appropriate box, type the subnet mask for the network range you want to configure, and then click OK.
  • To add computers by their identified domain name, click Domain name, and then type the domain name in the appropriate box.
  • Click Properties, type the domain name, and then click OK.
  • Click OK, and then click OK.

NOTE: If you use domain 5 name restrictions, the server has to perform 4 a reverse DNS lookup for each request to 3 check the host's registered domain name. Microsoft 2 recommends that you use an IP address or 1 network range whenever you can.

Score: 8

In IIS 7 best way to restrict IP is by using 1 the config file.

Full article:

More Related questions