Security

Previous Topic Next Topic

IP Address Access Control

IIS 5.0 can be configured to grant or deny access to specific IP addresses. For example, you can prevent a company or individual from accessing your site by listing the appropriate IP address, IP address range, or Domain Name System (DNS) name (IIS 5.0 checks the IP address first, then the DNS name). You can even prevent entire networks from gaining access to your server. Conversely, you can allow only specific sites or IP addresses to have access to your service.

If IIS 5.0 is configured to allow access by all IP addresses except those listed as exceptions to that rule, then access is denied to any computer with an IP address included in that list. Conversely, if IIS 5.0 is configured to deny all IP addresses, access is denied to all remote users except those whose IP addresses have been specifically granted access. IP address access restrictions are available for each of the IIS 5.0 services.

When controlling access by IP address, be aware that many Web users will be passing through a proxy server or a firewall. The incoming connection to your Web server will appear to have originated from the proxy server or firewall itself (in other words, the IP address of the originator will be that of the proxy server or firewall). This might be useful in a corporate network as an added security measure, in order to prevent access by anyone from outside your IP address domain.


© 1997-1999 Microsoft Corporation. All rights reserved.