IIS protection

FAQ

Profile

IIS protection

Web Hosting and Web Master Forums (Home) -> IIS

Related Topics:

protection level - I have an ISAPI extenion This works when level in IIS is set to medium in most of the machine. I ave noticced that it requires to set setting to low in IIS in a few machine. Please help.

Application Protection - Hello... I have a question about in IIS5. We have a very large web based composed of about 300 VB dlls. About 125 of these run inside a COM+ package (out of process). This is the only web site on the server. We have..

Password protection for web pages ??? - I want to set up several sub web pages on my server to only allow members in. How do I configure my server to allow that ? The OS is Windows 2000 Advanced Server. I am using IIS to host my page. Thank you in advance.

application protection high - I have a problem with an IIS server that crashes. I am a DLL filter that is running on one of the sites on the server, but I am not 100% sure this site is at fault. Right now all the sites are running..

ADO and IIS Application Protection level - I have an isapi to Oracle via ADO that works fine on my Win2000 But when I move the isapi dll to the server (XP Terminal Server), the dll will only run if the level is set to low. If..

Next: IIS: Unable to see All IP"s via IIS

Author

Message

user721

External

Since: Sep 03, 2003
Posts: 4

(Msg. 1) Posted: Thu Apr 01, 2004 3:07 pm
Post subject: IIS protection
Archived from groups: microsoft>public>inetserver>iis (more info?)

I have a web server that is running with IP filtered.
Currently lot of our user using DHCP server and can't
access the site due to the IP rejection. Is there any way
to give access to those DHCP users to my site and still
have the IP protection to the web site?

>> Stay informed about: IIS protection

user658

External

Since: Aug 26, 2003
Posts: 1525

(Msg. 2) Posted: Fri Apr 02, 2004 12:28 am Post subject: Re: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

On Thu, 1 Apr 2004 12:07:32 -0800, "Afzal Ahmed" <afzal.ahmed1.RemoveThis@jsc.nasa.gov> wrote: >I have a web server that is running with IP filtered. >Currently lot of our user using DHCP server and can't >access the site due to the IP rejection. Is there any way >to give access to those DHCP users to my site and still >have the IP protection to the web site? Unblock the IP's that are being blocked. Using IP Filtering isn't a good security option with users from dynamic addresses. Jeff<!-- ~MESSAGE_AFTER~ --> >> Stay informed about: IIS protection

kgafvert

External

Since: Aug 23, 2003
Posts: 2972

(Msg. 3) Posted: Fri Apr 02, 2004 1:32 am Post subject: Re: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

Excuse me? If you have blocked their IP, how are they supposed to access the website unless you remove the block? I'm sorry, but i cannot see the problem here, maybe i have misunderstood something? -- Regards, Kristofer Gafvert - IIS MVP Reply to newsgroup only. Remove NEWS if you must reply by email, but please do not. <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003 "Afzal Ahmed" <afzal.ahmed1.TakeThisOut@jsc.nasa.gov> wrote in message news:16fd401c41824$f76dbd30$a501280a@phx.gbl... > I have a web server that is running with IP filtered. > Currently lot of our user using DHCP server and can't > access the site due to the IP rejection. Is there any way > to give access to those DHCP users to my site and still > have the IP protection to the web site?<!-- ~MESSAGE_AFTER~ --> >> Stay informed about: IIS protection

user1375

External

Since: Feb 03, 2004
Posts: 423

(Msg. 4) Posted: Fri Apr 02, 2004 7:21 am Post subject: RE: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

Hi Afzal, Actually IIS has its own IP restriction feature which can be specified as several allowed IP scopes. This should work for your DHCP scenario: In site's properties->Direcotry Security tab->IP address and domain name restrictions, by default all IPs are Granted access. You can switch it to Denied access and add several allowed IP ranges(with subnet mask) for all your intranet machines into the list. Detailed steps can be found in IIS help: " Using the Network ID and Subnet Mask A group of computers can be either denied or granted access based upon their network ID and a subnet mask. The network ID is the IP address of a host computer, usually a router for the subnet. The subnet mask determines which part of the IP address is a subnet ID, and which part is a host ID. All computers in a subnet have the same subnet ID, but have their own unique host ID. By specifying a network ID and a subnet mask, you can select a group of computers. For example, if the host computer has an IP address of 172.16.16.1 and a subnet mask of 255.255.0.0, all of the computers in that subnet would have IP addresses that began with 172.16. To select all of the computers in the subnet, enter 172.16.16.1 in the Network ID box and 255.255.0.0 in the Subnet Mask box. To grant or deny access to a group of computers 1) In IIS Manager, expand the local computer, right-click a Web site, directory, or file, and click Properties. 2) Click the Directory Security or File Security tab. In the IP address and domain name restrictions section, click Edit. 3) Click Granted access or Denied access. When you select Denied access, you deny access to all computers and domains, except to those that you specifically grant access. When you select Granted access, you grant access to all computers and domains, except to those that you specifically deny access. 4) Click Add. 5) Click Group of computers. 6) In the Network ID box, type the IP address of the host computer. 7) In the Subnet mask box, type the subnet ID for the computer you want grant or deny access to. Click OK three times. " I hope this helps. If you meet any further problem, please don't hesistate to let me know. Best regards, WenJun Zhang Microsoft Online Support This posting is provided "AS IS" with no warranties, and confers no rights. Get Secure! - www.microsoft.com/security >> Stay informed about: IIS protection

user1375

External

Since: Feb 03, 2004
Posts: 423

(Msg. 5) Posted: Mon Apr 05, 2004 9:24 am Post subject: RE: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

Hi Afzal, Just want to check if you still need assistance on this issue? If you have any further questions or concerns on it, please don't hesistate to let me know. Thanks. Best regards, WenJun Zhang Microsoft Online Support This posting is provided "AS IS" with no warranties, and confers no rights. Get Secure! - www.microsoft.com/security >> Stay informed about: IIS protection

anonymous1599

External

Since: Apr 06, 2004
Posts: 1

(Msg. 6) Posted: Tue Apr 06, 2004 11:03 am Post subject: RE: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

I am running a web with IP filter feature. I am aware of the configuration. All I was trying to figure out is.. With my current IP filter setup DHCP user are not being able to access our web site. I don't want to allow the entire domain nor group of computers to access the site. Is there any way to allow individual user who is in DHCP server to access the site and still have the IP filter setup? Is there another way to protect the server or allow individual user to access the site? >-----Original Message----- >Hi Afzal, > >Actually IIS has its own IP restriction feature which can be >specified as several allowed IP scopes. This should work for your >DHCP scenario: > >In site's properties->Direcotry Security tab->IP address and domain >name restrictions, by default all IPs are Granted >access. You can switch it to Denied access and add several allowed IP >ranges(with subnet mask) for all your intranet machines into the >list. > >Detailed steps can be found in IIS help: >" >Using the Network ID and Subnet Mask >A group of computers can be either denied or granted access based >upon their network ID and a subnet mask. The network ID is the IP >address of a host computer, usually a router for the subnet. The >subnet mask determines which part of the IP address is a subnet ID, >and which part is a host ID. All computers in a subnet have the same >subnet ID, but have their own unique host ID. By specifying a network >ID and a subnet mask, you can select a group of computers. > >For example, if the host computer has an IP address of 172.16.16.1 >and a subnet mask of 255.255.0.0, all of the computers in that subnet >would have IP addresses that began with 172.16. To select all of the >computers in the subnet, enter 172.16.16.1 in the Network ID box and >255.255.0.0 in the Subnet Mask box. > >To grant or deny access to a group of computers >1) In IIS Manager, expand the local computer, right-click a Web site, >directory, or file, and click Properties. >2) Click the Directory Security or File Security tab. In the IP >address and domain name restrictions section, click Edit. >3) Click Granted access or Denied access. When you select Denied >access, you deny access to all computers and domains, except to those >that you specifically grant access. When you select Granted access, >you grant access to all computers and domains, except to those that >you specifically deny access. >4) Click Add. >5) Click Group of computers. >6) In the Network ID box, type the IP address of the host computer. >7) In the Subnet mask box, type the subnet ID for the computer you >want grant or deny access to. > Click OK three times. >" > >I hope this helps. If you meet any further problem, please don't >hesistate to let me know. >Best regards, > >WenJun Zhang >Microsoft Online Support >This posting is provided "AS IS" with no warranties, and confers no >rights. <font color=purple> >Get Secure! - <a style='text-decoration: underline;' href="http://www.microsoft.com/security</font" target="_blank">www.microsoft.com/security</font</a>> > >. ><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: IIS protection

user1375

External

Since: Feb 03, 2004
Posts: 423

(Msg. 7) Posted: Wed Apr 07, 2004 8:08 am Post subject: RE: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

In this case, the authorized users are coming from dynamic IPs, so IP protections isn't fully helpful: you must allow whole the IP scope of DHCP to prevent any authorized ones from being denied. "Is there another way to protect the server or allow individual user to access the site?" Sure, to achieve this, enabling user authentication is necessary: 1) First, grant these authorized domain user accounts with Read NTFS permission on the site's physical directory. If they don't have domain accounts or your server is a stand-alone workstation, create account for these users in computer management and provide them with the username and password. Refer to the following article to set NTFS permission. HOW TO: Use NTFS Security to Protect a Web Page Running on IIS 4.0 or 5.0 http://support.microsoft.com/default.aspx?scid=kb;EN-US;299970 2) Disable anonymous access in the site's Directory Security tab and enable either Basic authentication or Integrated windows auth: (For Basic auth, users must have 'Log on locally' permission:) IIS: How to Configure Basic/Clear Text Authentication for IIS 5.0 in Windows 2000 http://support.microsoft.com/default.aspx?scid=kb;en-us;262233 Here is an overview of IIS user authentication methods: HOW TO: Configure Internet Information Services Web Authentication in Windows 2000 http://support.microsoft.com/?id=308160 If anything is unclear, please feel free to let me know. Best regards, WenJun Zhang Microsoft Online Support This posting is provided "AS IS" with no warranties, and confers no rights. Get Secure! - www.microsoft.com/security >> Stay informed about: IIS protection

user1375

External

Since: Feb 03, 2004
Posts: 423

(Msg. 8) Posted: Fri Apr 09, 2004 9:12 am Post subject: RE: IIS protection [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)

Hi Afzal, Just want to check if enable authentication can be the solution for you to resolve this problem? Best regards, WenJun Zhang Microsoft Online Support This posting is provided "AS IS" with no warranties, and confers no rights. Get Secure! - www.microsoft.com/security >> Stay informed about: IIS protection

Display posts from previous:

	Web Hosting and Web Master Forums (Home) -> IIS	All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum