[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 507
  • Last Modified:

Restrict portions of an IIS 7.5 site to a list of IP addresses

We are using a purchased Java/Tomcat product on our Windows 2008 R2 (IIS 7.5) servers.   This product offers web services to which we'd like to filter access by IP address.    These services are contained within the same URL folder (example:  http://myServer.com/AllServices/ServicesToFilterAccess/...   But we only wish to limit access to that folder.  The primary site should remain free to all.

I know that you can restrict acccess to the entire site by IP address.   But is there a way to control just isolated pieces that way?

Thank you.
0
RichardKline
Asked:
RichardKline
  • 3
1 Solution
 
binaryevoCommented:
Ive never run into a situation where this has been required but, my first guess would be try and restrict it by virutal directory and ip combination.  Not sure this will work but, hey its worth a shot.  When I get to where I have access to a web server again ill do some more digging for you.  Try doing the IP Address & Domain Restrictions piece when clicking on that directory you want to secure.
0
 
vinsvinCommented:
How to configure Web server permissions for Web content in IIS
http://support.microsoft.com/kb/313075

This should help you
0
 
RichardKlineAuthor Commented:
binaryevo:   I'l  take a look.  Thanks!

vinsvin:  This method assumes that IIS can determine the user's account information.   This site is Java/Tomcat and uses non-AD authentication methods.   So the necessary information is hidden from IIS.     But Thanks!
0
 
RichardKlineAuthor Commented:
I found the answer:   Microsoft URL Rewrite Module 2.0 for IIS 7
http://www.microsoft.com/en-us/download/details.aspx?id=7435

Microsoft's description: URL Rewrite Module 2.0 provides a rule-based rewriting mechanism for changing requested URL’s before they get processed by web server and for modifying response content before it gets served to HTTP clients.

It probably does that :)   But I use it to create rules in a web.config file that are used to control per IP address access to specific site folders.
0
 
RichardKlineAuthor Commented:
I found the solution myself but wanted to post this as information for others and not just delete the question.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now