HTTP 403.6 - Forbidden: IP address rejected

My IIS throws this error when I use VPN. If I put the IP address into IIS directory secuirty then it works.

However I would like to disable this "feature" so that it does not do any restriction based on IP etc. Is this possible?
syinnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Melih SARICAOwnerCommented:
check IIS Security restrictions.  as i see from  ur explanation.. there is a restriction of the ur ip block..
0
syinnerAuthor Commented:
under ip and domain name restrictions there is nothing being denied explicitly. i,e its a blank list.
0
Robbie_LeggettCommented:
Does it say "Deny all except the list below" or "Allow all except the list below"?
 
:-)
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

syinnerAuthor Commented:
Fairly sure I have selected the right option.

I have attached screenshots.
iis-settings.jpg
0
tigermattCommented:

Hi syinner,

If the setting is per your first screenshot, that would explain why you are having problems. The first screenshot is essentially saying "Everyone will be automatically denied access, UNLESS their IP address is listed in the list". This means if the address of your VPN client is not in the list, it will automatically be denied.

By choosing the 'Granted Access' option, the rule changes. EVERYONE is automatically ALLOWED access, UNLESS their IP address is in the list (those in the list are DENIED access).

So you must either give everyone full access by choosing Granted Access - meaning it will work automatically over the VPN - or if security is a must, access must be denied and then IP addressed added manually. IP-based security is not the most fool-proof, so you should also look at securing the directory through other means - such as Windows-based Authentication.

-Matt
0
Melih SARICAOwnerCommented:
IF ur Webserver is behind a firewall or in a DMZ network.. ur local ip's while connecting to server can be translatedin to a different Ip ora IP block.
Contact ur network admin and ask for this..

0
Melih SARICAOwnerCommented:
IF ur Webserver is behind a firewall or in a DMZ network.. ur local ip's while connecting to server can be translatedin to a different Ip ora IP block.
Contact ur network admin and ask for this..

0
syinnerAuthor Commented:
If VPN software assigns a "new" ip to the web server and myself when connecting. So let say normally the webserver is 192.168.x.x, its now 5.x.x.x when connecting.
0
Robbie_LeggettCommented:
Add the new IP address to the list of allowed IP's and it should work.
 
:-)
0
syinnerAuthor Commented:
That is what I have been doing but its a pain... is there a way to bypass the ip security?
0
Robbie_LeggettCommented:
If you change the settings to the same as the second image, every IP will be granted access.
 
:-)
0
syinnerAuthor Commented:
Thanks, I will try that.
0
tigermattCommented:

Yes.
Per my comment, click the 'Granted Access' option and then remove all entries from the list of IPs.

This will grant ALL computers access.

-Matt
0
syinnerAuthor Commented:
Hi there, just tried it and it has not worked. I cleared the granted and denied screens. I went as far as restarting IIS and it now denies all IP's.
0
Robbie_LeggettCommented:
As Matt said, make sure you have the "Granted Acess" radio button selected.
 
:-)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tigermattCommented:

Please post another screenshot of the IP security which is currently not working.

Is the error message still reporting the IP is rejected?

-Matt
0
syinnerAuthor Commented:
I have had to put the IP's back in, so will only be able to get another screenshot tonight.

But I got the same error and I can assure you that both screens, granted and denied access are blank.
0
tigermattCommented:

When you set it to 'Granted Access' and clear the IP list, what error message do you see from the server? Is it the same "IP address rejected" error or another message?

-Matt
0
syinnerAuthor Commented:
Same error, IP address rejected.
0
tigermattCommented:

Screenshot again would be helpful as soon as you can provide it.
0
syinnerAuthor Commented:
Here is the latest screenshots
iis-settings-2.jpg
0
tigermattCommented:

What setting is it set to at present? 'Granted Access' (third screenshot)?

If that is the case, what happens if you use http://server-name or http://IP-address rather than http://localhost in Internet Explorer?

-Matt
0
syinnerAuthor Commented:
The granted screen stays empty. I add to the denied expect for the following screen.

I tried http://servername and it made no difference. Also tried from a workstation.
0
syinnerAuthor Commented:
Does it make any different that it's IIS 6.0?
0
syinnerAuthor Commented:
Maybe something to do with Windows 2003 Small Business Server?
0
syinnerAuthor Commented:
I finally got it... never noticed that the denied access and allow access was doing one or the other. I presumed I had to configure both.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.