Welcome to WebmasterWorld Guest from 35.153.135.60

Forum Moderators: phranque

Message Too Old, No Replies

Block IP range

Does anyone know how to block a range of IP addresses on IIS4?

     
10:26 am on Jun 6, 2002 (gmt 0)

New User

10+ Year Member

joined:May 30, 2002
posts:35
votes: 0


I've been getting malicious traffic from certain parts of Asia and I need to block a specific range of IPs from visiting certain sites. I think I can do this from the security tab in a website's properties in IIS4, but I don't have a clue about subnet masks and that sort of thing, which it asks me for if I want to block more than one IP.
Can anyone help me out with this? I need to block Indonesian traffic in particular.

Cheers.

6:30 am on June 9, 2002 (gmt 0)

New User

10+ Year Member

joined:June 9, 2002
posts:31
votes: 0


Interesting.
What if you converted the IP number to an integer by removing the dots, and wrote a script that would tell the system something like

"if this ip is greater than this, or less than this than don't let it in"

Could work.

11:32 am on June 11, 2002 (gmt 0)

New User

10+ Year Member

joined:May 30, 2002
posts:35
votes: 0


Thanks for the tip. I'm not really too up to date on scripting for IIS so I was hoping I could block the offenders using just the management console interface. Could I use a script just to block traffic to one website in IIS or would I have to block for all the sites?
If anyone has any ideas where I could find a suitable script or if there is an easier way to block IPs then I would really appreciate it.
11:52 am on June 11, 2002 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 8, 2001
posts:766
votes: 0


If you go to the iis console and right click on your web site and then go to directory securty.

Click on edit IP address and Domain Name Restrictions

Then you can click on group of computers. Now comes the understanding of subnet masks!

Supposing the range you want to block is 192.168.0.10 to 192.168.0.47

There is a table you need to remember which is:

Subnet mask/Range Size
128/128
192/64
224/32
240/16
248/8
252/4
254/2

You will see that you need to block 37 ip addresses (47-10). Using the chart above the least amount of entries you will need to use is 3 (a range of 32, 4 and a single ip)

So you can now add the following entries to the blocking list:

Individual IP Address:
192.168.0.10

Group:
192.168.0.11, Subnet 255.255.255.224 (32 ip addresses)
192.168.0.43, Subnet 255.255.255.252 (4 ip addresses)

So now you have blocked all ips from 192.168.0.10 to 192.168.0.47