IP restrictions block all except one does not work

  • Question

  • User-509796436 posted

    Hi, 

    Our website is hosted on one of our Azure virtual machines. I'm trying to restrict all IP access to our site except one particular IP address. I have the following configuration at my Site level.

    Steps which I took:

    1) Added an Allow entry for my IP address.

    2) Set edit feature settings to deny, with enable proxy mode ticked.

    It restricts access without applying to allow entry. I know that it works because when I change deny action type, I get the relevant error message.

    I did try applying restrictions in a different order, i.e. apply edit feature settings first and then add allow entry. The result is the same - I cannot access the site.

    If I set edit feature settings to Allow and add deny entry to my IP, it just blocks my IP but allows access from other IPs, which is the expected behaviour. I just can't make it work to block everything except my IP.

    Any ideas what I'm doing wrong here?

    EDIT : I did try applying restrictions only in my app web.config file

    however, no joy either

    Wednesday, December 9, 2020 2:52 PM

All replies

  • User1771714573 posted

    Hi AndrRap,

    I tested your way but it all works well. It restricts all IPs but allows a particular IP.

    Did you use a VPN or other proxy IP when you visited the site? I noticed that you checked Enable proxy mode; the server will first check whether the proxy IP is allowed. Both the proxy IP and source IP are added to the Allow entry so that the IP can access.

    Best regards,

    Brucz

    Thursday, December 10, 2020 3:43 AM
  • User-509796436 posted

    Hi Brucz,

    Thank you for your response. I checked Enable proxy mode on purpose and I expect both the proxy IP and source IP to be added to the Allow entry. That is fine.

    I am not using any VPN or proxy to access the site. As I have mentioned in my initial post, if I set feature settings to Allow access for unspecified clients, and add my IP as a Deny entry, IIS allows access to the site for everyone except my IP. So this confirms that my IP is correct, as I'm the only one who is not allowed to enter the site. However, I cannot achieve the scenario where I block everyone except my IP, i.e. setting edit feature settings access for unspecified clients to Deny, and adding my IP to the "Allow Entry" list. It just blocks everything without allowing me to access the site, even if my IP is "whitelisted".

    I'm open to any ideas about what else might be wrong.

    Monday, December 14, 2020 9:52 AM
  • User1771714573 posted

    Hi AndrRap,

    If you remove all restrictions, can you access the site through your IP?

    I suggest you check the log file. When you allow other IPs but block your IP, check the IP address and status code in the log. When you allow your IP but block other IPs, check it again.

    The correct deny record is:

    2020-12-10 03:23:07  GET / - 80 - IP  Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/87.0.4280.88+Safari/537.36 - 304 0 0 13

    Best regards,

    Brucz

    Tuesday, December 15, 2020 6:53 AM
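
The log check suggested in the last reply, as an added example that is not part of the original thread: it reads an IIS W3C log by its `#Fields:` header and reports, per client address the server actually recorded, which status codes were returned, so you can see whether the allow-listed address ever appears in `c-ip` and what it was answered with. The sample log, its addresses (documentation ranges) and the function names are constructed for illustration; the `deny_statuses` default assumes the deny action is one of Unauthorized, Forbidden or Not Found.

```python
from collections import Counter, defaultdict

# Constructed sample in the default IIS W3C field layout (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2020-12-10 03:23:07 10.0.0.4 GET / - 80 - 203.0.113.10 Mozilla/5.0 - 200 0 0 13
2020-12-10 03:23:09 10.0.0.4 GET / - 80 - 198.51.100.7 Mozilla/5.0 - 403 503 5 2
2020-12-10 03:23:11 10.0.0.4 GET /app - 80 - 198.51.100.7 Mozilla/5.0 - 403 503 5 1
"""


def parse_w3c(text):
    """Yield one dict per request, named by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def statuses_by_client(text):
    """Map each recorded c-ip to a count of 'status.substatus' results."""
    seen = defaultdict(Counter)
    for row in parse_w3c(text):
        seen[row["c-ip"]][f'{row["sc-status"]}.{row["sc-substatus"]}'] += 1
    return {ip: dict(counts) for ip, counts in seen.items()}


def check_allow_entry(text, allowed_ip, deny_statuses=("401", "403", "404")):
    """Return 'not-seen', 'denied' or 'served' for the allow-listed address."""
    per_ip = statuses_by_client(text)
    if allowed_ip not in per_ip:
        # The server logged your requests under a different source address.
        return "not-seen"
    denied = any(s.split(".")[0] in deny_statuses for s in per_ip[allowed_ip])
    return "denied" if denied else "served"


if __name__ == "__main__":
    for ip, counts in statuses_by_client(SAMPLE_LOG).items():
        print(ip, counts)
    print(check_allow_entry(SAMPLE_LOG, "203.0.113.10"))
```

A result of `not-seen` for the address in the Allow entry means the requests arrive at IIS from some other address, which is then the one to compare against the Allow list.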