Solved

HTTP 403.6 - Forbidden: IP address rejected

Posted on 2009-07-07
Last Modified: 2012-06-27
My IIS throws this error when I use VPN. If I put the IP address into IIS directory security then it works.

However I would like to disable this "feature" so that it does not do any restriction based on IP etc. Is this possible?
Question by:syinner
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 24792192
Check the IIS security restrictions. As I see from your explanation, there is a restriction on your IP block.
0
 

Author Comment

by:syinner
ID: 24792240
Under IP and domain name restrictions there is nothing being denied explicitly, i.e. it's a blank list.
0
 
LVL 25

Expert Comment

by:Robbie_Leggett
ID: 24830636
Does it say "Deny all except the list below" or "Allow all except the list below"?
 
:-)
0
 

Author Comment

by:syinner
ID: 24831691
Fairly sure I have selected the right option.

I have attached screenshots.
iis-settings.jpg
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24831707

Hi syinner,

If the setting is per your first screenshot, that would explain why you are having problems. The first screenshot is essentially saying "Everyone will be automatically denied access, UNLESS their IP address is listed in the list". This means if the address of your VPN client is not in the list, it will automatically be denied.

By choosing the 'Granted Access' option, the rule changes. EVERYONE is automatically ALLOWED access, UNLESS their IP address is in the list (those in the list are DENIED access).

So you must either give everyone full access by choosing Granted Access - meaning it will work automatically over the VPN - or if security is a must, access must be denied and then IP addresses added manually. IP-based security is not the most fool-proof, so you should also look at securing the directory through other means - such as Windows-based Authentication.

-Matt
0
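
The two modes described in the comment above, modelled as an added example (not part of the original thread and not IIS code). The class, method names and status strings are hypothetical, and the addresses are constructed samples standing in for the 192.168.x.x LAN and the 5.x.x.x VPN range mentioned in the thread.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class IpRestriction:
    """Hypothetical model of the IIS 6 IP restriction dialog (not IIS code)."""
    grant_by_default: bool  # True = "Granted Access", False = "Denied Access"
    exceptions: list = field(default_factory=list)  # the one "except the following" list

    def listed(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(entry, strict=False)
                   for entry in self.exceptions)

    def status(self, client_ip):
        # The list always holds the exceptions to the selected default.
        allowed = self.listed(client_ip) != self.grant_by_default
        return "200" if allowed else "403.6"

    def audit(self):
        # Summarise what the current combination of default and list means.
        if not self.exceptions:
            return ("no IP restriction in force" if self.grant_by_default
                    else "every client is rejected with 403.6")
        return ("listed addresses are blocked" if self.grant_by_default
                else "only listed addresses are admitted")


# Constructed sample addresses: an office LAN client and a VPN-assigned client.
LAN_CLIENT = "192.168.1.25"
VPN_CLIENT = "5.10.20.30"

if __name__ == "__main__":
    cases = {
        "Denied Access, LAN listed": IpRestriction(False, ["192.168.1.0/24"]),
        "Denied Access, empty list": IpRestriction(False),
        "Granted Access, empty list": IpRestriction(True),
    }
    for name, rule in cases.items():
        print(name, "->", rule.audit())
        for ip in (LAN_CLIENT, VPN_CLIENT):
            print("   ", ip, rule.status(ip))
```
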
 
LVL 19

Expert Comment

by:Melih SARICA
ID: 24837635
If your web server is behind a firewall or in a DMZ network, your local IPs, while connecting to the server, can be translated into a different IP or an IP block.
Contact your network admin and ask about this.

0
 

Author Comment

by:syinner
ID: 24837793
If VPN software assigns a "new" IP to the web server and myself when connecting. So let's say normally the webserver is 192.168.x.x, it's now 5.x.x.x when connecting.
0
 
LVL 25

Expert Comment

by:Robbie_Leggett
ID: 24837798
Add the new IP address to the list of allowed IP's and it should work.
 
:-)
0
 

Author Comment

by:syinner
ID: 24837814
That is what I have been doing but it's a pain... is there a way to bypass the IP security?
0
 
LVL 25

Expert Comment

by:Robbie_Leggett
ID: 24837925
If you change the settings to the same as the second image, every IP will be granted access.
 
:-)
0
 

Author Comment

by:syinner
ID: 24837956
Thanks, I will try that.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24838106

Yes.
Per my comment, click the 'Granted Access' option and then remove all entries from the list of IPs.

This will grant ALL computers access.

-Matt
0
 

Author Comment

by:syinner
ID: 24841453
Hi there, just tried it and it has not worked. I cleared the granted and denied screens. I went as far as restarting IIS and it now denies all IP's.
0
 
LVL 25

Accepted Solution

by:
Robbie_Leggett earned 125 total points
ID: 24841748
As Matt said, make sure you have the "Granted Access" radio button selected.
 
:-)
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24842662

Please post another screenshot of the IP security which is currently not working.

Is the error message still reporting the IP is rejected?

-Matt
0
 

Author Comment

by:syinner
ID: 24846724
I have had to put the IP's back in, so will only be able to get another screenshot tonight.

But I got the same error and I can assure you that both screens, granted and denied access are blank.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 125 total points
ID: 24847707

When you set it to 'Granted Access' and clear the IP list, what error message do you see from the server? Is it the same "IP address rejected" error or another message?

-Matt
0
 

Author Comment

by:syinner
ID: 24847727
Same error, IP address rejected.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24847745

Screenshot again would be helpful as soon as you can provide it.
0
 

Author Comment

by:syinner
ID: 24851543
Here are the latest screenshots
iis-settings-2.jpg
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24851552

What setting is it set to at present? 'Granted Access' (third screenshot)?

If that is the case, what happens if you use http://server-name or http://IP-address rather than http://localhost in Internet Explorer?

-Matt
0
 

Author Comment

by:syinner
ID: 24851855
The granted screen stays empty. I add to the denied except for the following screen.

I tried http://servername and it made no difference. Also tried from a workstation.
0
 

Author Comment

by:syinner
ID: 24858027
Does it make any difference that it's IIS 6.0?
0
 

Author Comment

by:syinner
ID: 24859378
Maybe something to do with Windows 2003 Small Business Server?
0
 

Author Comment

by:syinner
ID: 24860630
I finally got it... never noticed that the denied access and allow access were doing one or the other. I presumed I had to configure both.
0
