RE: IIS protection
From: Afzal. Ahmed1_at_jsc.nasa.gov (Ahmed1_at_jsc.nasa.gov)
Date: 04/06/04
- Next message: Afzal Ahmed: "Re: WebDev"
- Previous message: Po-Shan Chang: "Better state management in the web farm?"
- In reply to: WenJun Zhang[msft]: "RE: IIS protection"
- Next in thread: WenJun Zhang[msft]: "RE: IIS protection"
- Reply: WenJun Zhang[msft]: "RE: IIS protection"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 6 Apr 2004 08:03:49 -0700
I am running a web with IP filter feature. I am aware of
the configuration. All I was trying to figure out is..
With my current IP filter setup DHCP user are not being
able to access our web site. I don't want to allow the
entire domain nor group of computers to access the site.
Is there any way to allow individual user who is in DHCP
server to access the site and still have the IP filter
setup?
Is there another way to protect the server or allow
individual user to access the site?
>-----Original Message-----
>Hi Afzal,
>
>Actually IIS has its own IP restriction feature which can
be
>specified as several allowed IP scopes. This should work
for your
>DHCP scenario:
>
>In site's properties->Direcotry Security tab->IP address
and domain
>name restrictions, by default all IPs are Granted
>access. You can switch it to Denied access and add
several allowed IP
>ranges(with subnet mask) for all your intranet machines
into the
>list.
>
>Detailed steps can be found in IIS help:
>"
>Using the Network ID and Subnet Mask
>A group of computers can be either denied or granted
access based
>upon their network ID and a subnet mask. The network ID
is the IP
>address of a host computer, usually a router for the
subnet. The
>subnet mask determines which part of the IP address is a
subnet ID,
>and which part is a host ID. All computers in a subnet
have the same
>subnet ID, but have their own unique host ID. By
specifying a network
>ID and a subnet mask, you can select a group of computers.
>
>For example, if the host computer has an IP address of
172.16.16.1
>and a subnet mask of 255.255.0.0, all of the computers in
that subnet
>would have IP addresses that began with 172.16. To select
all of the
>computers in the subnet, enter 172.16.16.1 in the Network
ID box and
>255.255.0.0 in the Subnet Mask box.
>
>To grant or deny access to a group of computers
>1) In IIS Manager, expand the local computer, right-click
a Web site,
>directory, or file, and click Properties.
>2) Click the Directory Security or File Security tab. In
the IP
>address and domain name restrictions section, click Edit.
>3) Click Granted access or Denied access. When you select
Denied
>access, you deny access to all computers and domains,
except to those
>that you specifically grant access. When you select
Granted access,
>you grant access to all computers and domains, except to
those that
>you specifically deny access.
>4) Click Add.
>5) Click Group of computers.
>6) In the Network ID box, type the IP address of the host
computer.
>7) In the Subnet mask box, type the subnet ID for the
computer you
>want grant or deny access to.
>8) Click OK three times.
>"
>
>I hope this helps. If you meet any further problem,
please don't
>hesistate to let me know.
>Best regards,
>
>WenJun Zhang
>Microsoft Online Support
>This posting is provided "AS IS" with no warranties, and
confers no
>rights.
>Get Secure! - www.microsoft.com/security
>
>.
>
- Next message: Afzal Ahmed: "Re: WebDev"
- Previous message: Po-Shan Chang: "Better state management in the web farm?"
- In reply to: WenJun Zhang[msft]: "RE: IIS protection"
- Next in thread: WenJun Zhang[msft]: "RE: IIS protection"
- Reply: WenJun Zhang[msft]: "RE: IIS protection"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
