Tuesday, 13 January 2015

How to configure IP Address Restriction for your MVC/WebForms Application?

Step 1: Enable IP Security Feature in Windows

  • Go to "Turn Windows Features on or off"
  • Find the IP Security checkbox under IIS/WorldWide Services/Security
  • Enable it
Step 2: Unlock IP Security Feature in IIS
  • Open IIS Manager
  • Click the Server name/Configuration Editor
  • Select IP Security section
  • Make sure it’s unlocked
Step 3: Add the Restrictions to the Web.config

Add only the IP Addresses that must be allowed access to this:

“allowUnlisted” attribute means access to all IP Addresses must be denied apart from the ones listed below.

“allowed” attribute must be set to true otherwise by default it’s false and just denies access to the IP Address.


No comments: