Block an IP address accessing the application

Published May 25 2021 01:17 PM 1,344 Views
Microsoft

In the IIS logs, you may come across a specific IP address that is generating a high amount of traffic. If you suspect that this is a malicious activity, you can block the IP address in IIS.

 

Steps for using IP and Domain Restrictions module to block an IP address:

  1. If not installed already, install “IP and Domain Restrictions” using Server Manager
  2. Go to IIS Manager (close and reopen it if it was already open)
  3. Click on your website
  4. Double click on “IP Address and Domain Restrictions”
  5. Add a Deny rule and type the IP address

 

Nedim_0-1621973763807.jpeg

 

The user whose IP address is blocked will see “403 – Forbidden: Access is denied” message. If you want to change this message, check out this tutorial.

 

Nedim_1-1621973763825.jpeg

 

%3CLINGO-SUB%20id%3D%22lingo-sub-2385187%22%20slang%3D%22en-US%22%3EBlock%20an%20IP%20address%20accessing%20the%20application%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2385187%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20the%20IIS%20logs%2C%20you%20may%20come%20across%20a%20specific%20IP%20address%20that%20is%20generating%20a%20high%20amount%20of%20traffic.%20If%20you%20suspect%20that%20this%20is%20a%20malicious%20activity%2C%20you%20can%20block%20the%20IP%20address%20in%20IIS.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESteps%20for%20using%20IP%20and%20Domain%20Restrictions%20module%20to%20block%20an%20IP%20address%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EIf%20not%20installed%20already%2C%20install%20%E2%80%9CIP%20and%20Domain%20Restrictions%E2%80%9D%20using%20Server%20Manager%3C%2FLI%3E%0A%3CLI%3EGo%20to%20IIS%20Manager%20(close%20and%20reopen%20it%20if%20it%20was%20already%20open)%3C%2FLI%3E%0A%3CLI%3EClick%20on%20your%20website%3C%2FLI%3E%0A%3CLI%3EDouble%20click%20on%20%E2%80%9CIP%20Address%20and%20Domain%20Restrictions%E2%80%9D%3C%2FLI%3E%0A%3CLI%3EAdd%20a%20Deny%20rule%20and%20type%20the%20IP%20address%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Nedim_0-1621973763807.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F283665i24DAEED020E90B75%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Nedim_0-1621973763807.jpeg%22%20alt%3D%22Nedim_0-1621973763807.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20user%20whose%20IP%20address%20is%20blocked%20will%20see%20%E2%80%9C%3CEM%3E403%20%E2%80%93%20Forbidden%3A%20Access%20is%20denied%3C%2FEM%3E%E2%80%9D%20message.%20If%20you%20want%20to%20change%20this%20message%2C%20check%20out%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fiis%2Fget-started%2Fwhats-new-in-iis-8%2Fiis-80-dynamic-ip-address-restrictions%23configuring-the-behavior-for-iis-when-denying-ip-addresses%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20tutorial%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Nedim_1-1621973763825.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F283666iC507C43081BB73BF%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Nedim_1-1621973763825.jpeg%22%20alt%3D%22Nedim_1-1621973763825.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2385187%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20suspect%20a%20malicious%20activity%2C%20you%20can%20block%20the%20IP%20address%20in%20IIS%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Co-Authors
Version history
Last update:
‎May 25 2021 01:17 PM
Updated by: