Restricting folder and sub-folder access via IP in web.config

Question

User694418659 posted

Hello,

We have some code in our web.config file which restricts access from all IP addresses accept those we have listed. Here is an extract:

<location path="unicol">

<system.webServer>

<security>

<ipSecurity allowUnlisted="false">

<clear/>

<add ipAddress="105.226.0.0" subnetMask="255.255.0.0" allowed="true"/>

</ipSecurity>

</security>

</system.webServer>

Question: would all subfolders under "unicol" be automatically included, or do they have to be individually specified? We have people being denied access to the folder "unicol/archives" (403.6 error) yet are able to access the "unicol" folder without issue. Content is at http://www.rcycp.com/unicol/archives

Thanks.

Answer 1

User753101303 posted

Hi,

You mean they can't access "unicol" but can still access to "unicol/archives" ?

AFAIK it will work just for this particular location. If instead you use a web.config file in the unicol folder (with just those settings), I expect this to be inherited by child folders (also an IP can easily be forged FAIK

Answer 2

User694418659 posted

Hi,

No, the other way round. Access is good at unicol but not at unicol/archives

BTW, our web.config is in the root folder ie. www.rcycp.com

Martin

Answer 3

User1724605321 posted

Hi stabes,

Please try to add config file in unicol folder , not  specify a location tag, so that the the configuration will apply to this entire folder and its subfolders.

Best Regards,

Nan Yu

Answer 4

User694418659 posted

Thanks. Are you saying that I should add the web.config file to the unicol folder and remove the lines where the specific IP addresses are specified?

Answer 5

User1724605321 posted

Hi stabes,

You can create a new web.config file in the particular directly which you want to protect :

https://hoststud.com/resources/how-to-allow-deny-ip-access-to-a-specific-ip-address-through-web-config.311/ 

Best Regards,

Nan Yu