Go back to the Delta Guide Home Page. Download this article as a PDF file.

A020303

Setting Security Based on Hosts Accessing your Site

Setting Host-based Security

IIS enables you to restrict the sites that users can visit by the hostname, domain name or IP address or range that they use. This can be useful if you want to host sites on a machine that handles both public and private traffic. For example, you wouldn't want your intranet to be accessible from the outside world.

IIS handles this through a system of discretionary access control—you must either

• Deny all sites and provide specific access to a list of sites or IP addresses that can access the directory or Web site

or

• Allow all sites and deny specific sites or hosts that you do not want to have access to your machine

For example, if you choose to deny all and then only accept requests from mcslp.com, only hosts whose addresses map to that domain will be granted access to your site—all other users will be restricted.

Alternatively, if you allow all connections, but list mcslp.com, members of the mcslp.com DNS domain will be able to access your site.

To define the access control for a given directory or site

1. If you want to limit access for the entire site, select the Web site from the list of different served sites in the panel on the left. If you only want to limit access for a specific directory, choose the directory you want to control.

2. Right-click on the Web site or director and point to Properties.

3. Select the Directory Security panel.

4. If you want to limit access to a specific set of sites but deny it to all others, select Denied Access.

5. If you want to allow all clients by default but exclude a specific list of clients, select Granted Access.

6. To update the list of hosts or domains in the Except list, click Add.

7. To add a single computer to the list, click Single computer. Enter the IP address into the box and click OK.

8. To add a range of computers within a specific address range, click Group of Computers. Enter the IP address for the network and the subnet mask for the desired network range and click OK.

9. To add computers by their identified domain name, click Domain name. Enter the domain name.

10. Click Properties to open the extended properties dialog box. Enter the domain name and click OK.

11. Click OK to accept the security settings.

Note: Using Domain name restrictions puts a heavy load on the server because it has to perform a reverse DNS lookup for each request to check the host's registered domain name. Try to use an IP address or network range where possible.

© Copyright Pearson Education. All rights reserved.

Go back to the Delta Guide Home Page. Download this article as a PDF file.