I want to do a IP range block on a asp.net mvc website, and I have this in my web.config:
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="1.1.1.1" subnetMask="255.255.0.0" />
<add ipAddress="2.2.2.2" subnetMask="255.255.0.0" />
</ipSecurity>
</security>
<handlers>
...
</handlers>
But when i try to run the page I get this
How should i do the ip range block?
Sounds like you need the IP Security module installed on your local IIS (and your server when you go live). The error has a problem with the line:
<ipSecurity allowUnlisted="false">
Which is correct, although currently with allowUnlisted set to false, you're currently only allowing the IPs specified in your rule, and looks like you want the opposite, so set that to true.
From documentation:
First, create a command file that runs when your role starts which unlocks the ipSecurity section of the ApplicationHost.config file. Create a new folder at the root level of your web role called startup and, within this folder, create a batch file called startup.cmd. Set the properties of this file to Copy Always to ensure that it will be deployed.
Add the following code to the startup.cmd file:
%windir%\system32\inetsrv\AppCmd.exe unlock config -section:system.webServer/security/ipSecurityNext, open the ServiceDefinition.csdef file in your web role project and add the following element:
<Startup> <Task commandLine=”startup\startup.cmd” executionContext=”elevated” /> </Startup>This causes the startup.cmd batch file to be run every time the web role is initialized, ensuring that the required ipSecurity section is unlocked.
In case if you didn't load module.
Then if you want black list you should change <ipSecurity allowUnlisted="false"> to <ipSecurity allowUnlisted="true">
Really good article of how it works could be found here.
