iis | security | aspnet

IP Security - Configure IP address restrictions in Web.Config on IIS

Restrict access to your website using IIS IP security

Edson Frainlar
Edson FrainlarJanuary 09, 2018 · 1 min read · Last Updated:

When your website is using some kind of proxy/firewall just like Sucuri to increase the security, you need to make sure that only the allowed ones are accessing the site directly, so that all the requests to the site is going through the firewall.

To ensure this, we use the IP security feature in IIS, in which we can configure which IP’s are allowed.

2 ...
3 <security>
4 <ipSecurity allowUnlisted="false">
5 <clear />
6 <add ipAddress="-.-.-.-" subnetMask="-.-.-.-" allowed="true" />
7 <add ipAddress="-.-.-.-" subnetMask="-.-.-.-" allowed="true" />
8 <add ipAddress="-.-.-.-" subnetMask="-.-.-.-" allowed="true" />
9 <add ipAddress="-.-.-.-" subnetMask="-.-.-.-" allowed="true" />
10 </ipSecurity>
11 ...
12 </security>

In the above code, we set allowUnlisted attribute to false to prevent access to all IP address unless they are listed. And then we add the allowed IP addresses one by one. eg.

1<add ipAddress="" subnetMask="" allowed="true" />

Additional Resource

This page is open source. Noticed a typo? Or something unclear?
Improve this page on GitHub

Edson Frainlar

Written byEdson Frainlar
Mission-driven Full-stack Developer with a passion for developing KTern, Dev Collaboration, and teaching. Curious to explore Quantum Information and Computing.

Is this page helpful?

Related SnippetsView All

Related VideosView All

Signal - the most secure messenger for everyone

Common API Security Pitfalls - Philippe De Ryck

How to use Azure Bastion to connect securely to your Azure VMs | Azure Friday

Related Tools & ServicesView All


Have i been pwned?

Check if you have an account that has been compromised in a data breach

SmarterASP.net - Unlimited ASP.NET Web Hosting

ASP.NET Hosting by SmarterASP.net. Unlimited ASP.NET Hosting Plans Starting at $2.95 a month.