Setting IP address and domain filtering in IIS using PowerShell script
Restricting and allowing traffic to web application through IIS using PowerShell
Starting with IIS 7.0, Microsoft introduced the IP and Domain Restrictions feature as part of the IIS setup. If this feature is not installed on your IIS, you can easily add it through Windows Features, where the steps are much the same for each Windows version (https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/ipsecurity/add), or simply by using Web Platform Installer.
Just run Web Platform Installer and search for IP and Domain restrictions in the search box. Click the Add button and then the Install button.
The feature will be added to your IIS and will be available through IIS Manager for the website you want the rules to be applied to. It provides a simple interface for adding the IP addresses and domains whose traffic you want to block or allow.
However, if you do not have access to the IIS Manager UI on your host, you can set the IP and domain filtering rules through a PowerShell script using Add-WebConfiguration, which is part of the WebAdministration PowerShell module.
Let's assume you want to apply an IP blocking rule for a specific IP address to a website named Test on your IIS. You can execute the following PowerShell command:
# Load the IIS cmdlets and the IIS:\ drive
Import-Module WebAdministration
# Add new IP address entry to restrictions to website Test
Add-WebConfigurationProperty -Filter 'system.webServer/security/ipSecurity' -PSPath "IIS:\" -Location "Test" -Name "." -Value @{ipAddress="192.168.5.63";allowed="false";} -ErrorAction Stop
If you want to add an IP range in CIDR form, simply add the subnetMask attribute to the command:
# Add new IP CIDR entry to restrictions to website Test
Add-WebConfigurationProperty -Filter 'system.webServer/security/ipSecurity' -PSPath "IIS:\" -Location "Test" -Name "." -Value @{ipAddress="192.168.5.63";allowed="false";subnetMask="24";} -ErrorAction Stop
These settings will be saved to your host config file, which is located on the machine at %WINDIR%\System32\inetsrv\config\applicationHost.config:
<configuration>
  ...
  <location path="Test">
    <system.webServer>
      <security>
        <ipSecurity>
          <add ipAddress="192.168.5.63" allowed="false" />
          <add ipAddress="192.168.5.63" subnetMask="24" allowed="false" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
  ...
</configuration>
Unfortunately, PowerShell does not have the ability to make web.config changes out of the box, so you are pretty much stuck with setting configuration values for your web application through %WINDIR%\System32\inetsrv\config\applicationHost.config and PowerShell. This method can also set values for your application settings section, which your website will automatically inherit from applicationHost.config.
If you open IIS Manager, select the site you ran the PowerShell script for, and open the IP Address and Domain Restrictions section, you will see the settings from the PowerShell script.
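The two rules above as a script that can be re-run without trying to add an entry twice, followed by a read-back of the stored rules for hosts where IIS Manager is not available. This is an added example, not code from the original article: the function name Add-IpDenyRule is hypothetical, and it assumes an elevated session and that an entry stored without subnetMask reads back with the schema default 255.255.255.255.

```powershell
# Added example (not from the original article). Site name "Test" and the two
# rules are the article's values; the function name is hypothetical.
Import-Module WebAdministration

$Filter = 'system.webServer/security/ipSecurity'

function Add-IpDenyRule {
    param(
        [Parameter(Mandatory)] [string] $Site,
        [Parameter(Mandatory)] [string] $IpAddress,
        # Assumption: a rule stored without subnetMask reads back with the
        # schema default 255.255.255.255 (single host).
        [string] $SubnetMask = '255.255.255.255'
    )

    # Entries currently stored under <location path="$Site"> in applicationHost.config.
    $existing = Get-WebConfigurationProperty -Filter $Filter -PSPath 'IIS:\' `
        -Location $Site -Name 'Collection'

    $match = $existing | Where-Object {
        $_.ipAddress -eq $IpAddress -and $_.subnetMask -eq $SubnetMask
    }
    if ($match) {
        Write-Verbose "Rule $IpAddress/$SubnetMask already present on '$Site'; skipping."
        return
    }

    Add-WebConfigurationProperty -Filter $Filter -PSPath 'IIS:\' -Location $Site `
        -Name '.' -Value @{ ipAddress = $IpAddress; subnetMask = $SubnetMask; allowed = 'false' } `
        -ErrorAction Stop
}

# Apply the article's two rules; re-running the script adds nothing new.
Add-IpDenyRule -Site 'Test' -IpAddress '192.168.5.63'
Add-IpDenyRule -Site 'Test' -IpAddress '192.168.5.63' -SubnetMask '24'

# Read back what IIS will enforce. Deny entries only have an effect while
# allowUnlisted is true (the default); if it is false, everything not
# explicitly allowed is already rejected.
$allowUnlisted = (Get-WebConfigurationProperty -Filter $Filter -PSPath 'IIS:\' `
    -Location 'Test' -Name 'allowUnlisted').Value
"allowUnlisted = $allowUnlisted"
Get-WebConfigurationProperty -Filter $Filter -PSPath 'IIS:\' -Location 'Test' -Name 'Collection' |
    Select-Object ipAddress, subnetMask, allowed
```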