RE: IIS protection
From: WenJun Zhang[msft] (v-wzhang_at_online.microsoft.com)
Date: 04/02/04
- Next message: st.soh: "Re: Nude Neighbour Tanning 3534"
- Previous message: Tony: "Help: process inetinfo.exe keeps enlarging, then IIS is dead"
- In reply to: Afzal Ahmed: "IIS protection"
- Next in thread: WenJun Zhang[msft]: "RE: IIS protection"
- Reply: WenJun Zhang[msft]: "RE: IIS protection"
- Reply: Afzal. Ahmed1_at_jsc.nasa.gov: "RE: IIS protection"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 02 Apr 2004 04:21:09 GMT
Hi Afzal,
Actually IIS has its own IP restriction feature which can be
specified as several allowed IP scopes. This should work for your
DHCP scenario:
In site's properties->Direcotry Security tab->IP address and domain
name restrictions, by default all IPs are Granted
access. You can switch it to Denied access and add several allowed IP
ranges(with subnet mask) for all your intranet machines into the
list.
Detailed steps can be found in IIS help:
"
Using the Network ID and Subnet Mask
A group of computers can be either denied or granted access based
upon their network ID and a subnet mask. The network ID is the IP
address of a host computer, usually a router for the subnet. The
subnet mask determines which part of the IP address is a subnet ID,
and which part is a host ID. All computers in a subnet have the same
subnet ID, but have their own unique host ID. By specifying a network
ID and a subnet mask, you can select a group of computers.
For example, if the host computer has an IP address of 172.16.16.1
and a subnet mask of 255.255.0.0, all of the computers in that subnet
would have IP addresses that began with 172.16. To select all of the
computers in the subnet, enter 172.16.16.1 in the Network ID box and
255.255.0.0 in the Subnet Mask box.
To grant or deny access to a group of computers
1) In IIS Manager, expand the local computer, right-click a Web site,
directory, or file, and click Properties.
2) Click the Directory Security or File Security tab. In the IP
address and domain name restrictions section, click Edit.
3) Click Granted access or Denied access. When you select Denied
access, you deny access to all computers and domains, except to those
that you specifically grant access. When you select Granted access,
you grant access to all computers and domains, except to those that
you specifically deny access.
4) Click Add.
5) Click Group of computers.
6) In the Network ID box, type the IP address of the host computer.
7) In the Subnet mask box, type the subnet ID for the computer you
want grant or deny access to.
8) Click OK three times.
"
I hope this helps. If you meet any further problem, please don't
hesistate to let me know.
Best regards,
WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! - www.microsoft.com/security
- Next message: st.soh: "Re: Nude Neighbour Tanning 3534"
- Previous message: Tony: "Help: process inetinfo.exe keeps enlarging, then IIS is dead"
- In reply to: Afzal Ahmed: "IIS protection"
- Next in thread: WenJun Zhang[msft]: "RE: IIS protection"
- Reply: WenJun Zhang[msft]: "RE: IIS protection"
- Reply: Afzal. Ahmed1_at_jsc.nasa.gov: "RE: IIS protection"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
