Restrict access to website by IP address in SBS 2003

Posted on 2011-04-29
Last Modified: 2012-05-11
I have a website hosted in my SBS 2003 using IIS 6. I want to deny access to all the computers except a set of static IP addresses. I put restrictions under directory security for the website and aloow the addresses but in sbs the IP addresses that hit the website are converted to the internal IP of my server so everything is denied. If I add the internal IP to the granted access anybody can see the website. I am not an expert in iis or sbs and I don't know what to change to have iis get the real IP instead of the internal IP so I can restrict the access to the website.
Any help will be great.
Question by:ocortes
    LVL 9

    Expert Comment

    What do you mean by "the IP addresses that hit the website are converted to the internal IP of my server"- how are you getting the IP of those hitting your site?

    Author Comment

    The way that SBS publish the website I can be using any IP address or hitting the website from anywhere and when it goes to iis it just sees the internal IP address in my domain not the real IP that is trying to see the website. I don't know if this has to do with ISA server that I have installed with SBS 2003 premium or if it is the configuration in iis. I just need to block all access except for a set of static IP addresses.
    LVL 1

    Expert Comment

    so why do you want to restric to static IPs? do they relate to physical workstations that users use? if so you might want to think about restricting via Global or local Groups instead so you can limit to user base and not IPs. and use Windows Authentication to restrict access to the site, would make it alot easier to add users to a group to give and remove access then to add\remove static ips.

    Author Comment

    The app is a web time clock and I just want to allow people to clock in from one of  our offices. Each office has a static ip address and I don't want to create a vpn to our main office that is why I just want to allow the set of static ip address and block everything else.

    Accepted Solution

    I found the solution, the problem was that ISA server was making the requests appear to come from the ISA Server computer. I change the setting to make the requests appear from the actual client and I can see the IP addresses.
    Thank you

    Author Closing Comment

    I found the answer

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
    Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now