Restrict page access by IP address

C

Chris Fulstow

Hi,

I need to restirict access at the page level to a range of IP
addresses. What's the best approach? I thought of building an HTTP
module that could compare the requesting IP with a restricted range,
specified in web.config. Any thoughts?

Thanks,
Chris
 
K

Kevin Spencer

Use a base Page class which inherits System.Web.UI.Page, and checks the
client IP against the list in the web.config. If you want to save
processing, you can set a Session variable that indicates the IP is fine,
and only call the method if the Session variable is not present.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Numbskull

Show me your certification without works,
and I'll show my certification
*by* my works.
 
C

Chris Fulstow

Thanks Kevin, that's a great idea. I could first check the IP in
Session_OnStart and set the Session variable, then use Page_Init to
check if the requested page is accessible. If it's not, then send an
HTTP 403 response to the browser. It might just work... :)
 
J

Juan T. Llibre

You can do it right in IIS.
In the IIS 6.0 Administrator's guide, there's complete instructions.

Open D:\WINDOWS\Help\IIS.chm

and search for "IP addresses, controlling access to applications"

Securing Sites with IP Address Restrictions

You can configure your Web site to grant or deny specific computers,
groups of computers, or domains access to Web sites, directories, or files.

IP address restrictions apply only to IPv4 addresses.

Important : You must be a member of the Administrators group on the local computer to perform
the following procedure (or procedures), or you must have been delegated the appropriate authority.

To grant or deny access to a group of computers
1.. In IIS Manager, expand the local computer, right-click a Web site, directory, or file, and
click Properties.
2.. Click the Directory Security or File Security tab. In the IP address and domain name
restrictions section, click Edit.
3.. Click Granted access or Denied access. When you select Denied access, you deny access to
all computers and domains, except to those that you specifically grant access. When you select
Granted access, you grant access to all computers and domains, except to those that you specifically
deny access.
4.. Click Add.
5.. Click Group of computers.
6.. In the Network ID box, type the IP address of the host computer.
7.. In the Subnet mask box, type the subnet ID for the computer you want grant or deny access to.
8.. Click OK three times.
 
C

Chris Fulstow

Thanks Juan - it might be that I need to control access to individual
pages, but it might turn out to be the whole site, in which case I'll
definitely use this approach.
 
G

Guest

Hi I'm working with IIS 5.0 and for some odd reason a single IP address is
not being blocked even though I've denied all users except for a few IP
addresses. I was wondering if in IIS 5.0 I'm able to both grant access to a
certain group of IP addresses as well as deny access to one domain name
without having to write an ISAPI script. Or is it just a "one or the other"
option?

v/r,
reena
 
G

Guest

Hi,
I was reading through this and I was wondering if you could restrict page
access by domain name?

v/r,
reena
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top