Welcome to WebmasterWorld Guest from 54.146.169.191

Forum Moderators: ocean10000

Message Too Old, No Replies

ipSecurity section of web.config throws error.

ipSecurity throws error. Can't parse external FilteringRules config section

     
2:30 pm on Apr 20, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


This occurs in an MVC project.

ipSecurity:
This one seems on it's face to be straight-forward. It's almost verbatim from Microsoft's example. Yes the single IP and the range are redundant but that isn't the issue. They're just both there for a complete example.

<system.webServer>
<security>
<ipSecurity allowUnlisted="true">
<add ipAddress="92.127.176.55" />
<add ipAddress="92.124.0.0" subnetMask="255.252.0.0" />
</ipSecurity>
</security>
</system.webServer>


When I try to use this, I get the following error


Module IpRestrictionModule
Notification BeginRequest
Handler ExtensionlessUrlHandler-Integrated-4.0
Error Code 0x80070021
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
...
[b}Config Source[/b]
<security>
<ipSecurity allowUnlisted="true">


I'm working on the local development server and I have no clue why this won't work. Any thoughts would be greatly appreciated so thanks in advance.

[edited by: webcentric at 2:43 pm (utc) on Apr 20, 2016]

2:40 pm on Apr 20, 2016 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator andy_langton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 27, 2003
posts:3332
votes: 140


If this is a local windows install, do you have "Application Development Features" checked in your IIS settings? They're in the "Turn windows features on and off" section of the Control Panel >> Internet Information Services >> World Wide Web services". I think "ISAPI Filters" might be the one you want. Also check Security >> IP security while you're there.

Otherwise, assume you have all the right boxes ticked as per [iis.net...]

One final suggestion - check for overrideModeDefault="Deny" /> in webhost.config or applicationHost.config - try changing to "allow".
6:25 pm on Apr 20, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


First, I'm working with IISExpress which may be part of the problem.If it is, it's the first time I've ever run into something like this with it. I've looked at the applicationHost.config file and don't see any issues. To verify that the problem is local, I went ahead and published the site with the IPSecurity section installed. Guess what, it works fine on the production site. Next, I'm going to see if I can create an external config section that actually works (as least on production) for things in the <security section.

. I can get that to work for rewrite on localhost but not requestfiltering or IpSecurity. Maybe it's also just an IISExpress issue. We'll see. Thank for the info. I'm hoping I don't have to move all this to IIS locally.
6:49 pm on Apr 20, 2016 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator andy_langton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 27, 2003
posts:3332
votes: 140


For IISExpress, try the change to applicationhost.config - overrideModeDefault="Deny" => overrideModeDefault="Allow"
8:50 pm on Apr 20, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


That was it! Here's the related line in applicationhost.config

change from:
<section name="ipSecurity" overrideModeDefault="Allow" />
to
<section name="ipSecurity" overrideModeDefault="Allow" />


Many thanks. It took a few days of hitting myself in the head with this brick but I'm VERY happy you were able to point me in the right direction. I never even realized I had access to this config file but now I'm like "Duh".
7:07 am on Apr 24, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


Also discovered that web.config size limitations in IISExpress can cause errors that don't apply to the production server.
7:09 am on Apr 24, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


Just noticed a copy and past error. The post above should say


change from:
<section name="ipSecurity" overrideModeDefault="Deny" />
to
<section name="ipSecurity" overrideModeDefault="Allow" />
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members