IP Address Restriction

In a typical server-to-server exchange of information, you will most likely know the IP address of the machine that will be requesting information from your machine. If this is the case, you can restrict your Web site to only accept requests from this IP address. Simply select a Web site in IIS and then open the Properties dialog box. Then, select the Directory Security tab and click the Edit button in the IP Address and Domain Name Restrictions section (see Figure 31.3).

NOTE

This technique is only available on computers running server software. That is, it's not available if you're running Windows 2000 Professional, or the Windows XP Professional or Home versions.

When you click the Edit button, you will see a dialog box similar to the one shown in Figure 31.4. This dialog box allows you to choose to grant access to the list of specified IP addresses. You may also choose to deny access to a specified list of IP addresses. This is a somewhat confusing dialog box because you will have a list of both granted and denied IP addresses listed in the list box.

If you have the Granted Access option button selected and then click the Add button, you will be presented with a dialog box in which you enter a single IP address. This IP address will be the only one granted access to this particular Web site. You may add one or many IP addresses to this list, as you want.

If you click the Denied Access option button and then click the Add button, you will be presented with a dialog box like the one in Figure 31.5.

When you choose the Group of Computers option button, you can specify a specific network ID and even a subnet mask, as shown in Figure 31.6. This is a little more flexible and would be ideal for an intranet scenario.

WARNING

Although you can also choose a domain name, this requires a reverse DNS lookup operation and can significantly slow down the performance of your Web site.