Filter inbound request http - iis-6

I have some website on IIS6 on Windows 2003. I want to allow for one website only http connection from some IP addresses.
Is it possible to do so by acting on the configuration of IIS?
Thanks
Oronzo

So you want to grant or deny access to a website based on the IP address of the user?
Here is a Microsoft Technet set of articles that tell you how to restrict access on IIS 6.
Securing Sites with IP Address Restrictions (IIS 6.0)
It gives instructions for securing it for a single IP, a domain and an ip subnet.

Related

Best Way To Self-Host a Webserver and stay "Anonymous"?

I have gotten into making web pages with apache/nginx and I want to know whats the best way to have either a proxy or a VPN setup so whenever anyone points at my domain they won't get my IP so easily
The Domain should auto change the IP if it sees any changes so that shouldn't be a problem
I wanted to make a proxy list into a file and use it but I haven't really find a way yet
Any Suggestions?
You can set up a reverse proxy with nginx and apache i.e. when someone tryies to access your website by typing in your domain, their web browser will query a domain name server to get the IP address associated with you're domain. Their web browser will then send a request to your nginx server IP which will then in turn send a request via reverse proxy to your apache server IP where the physical web page files are located. Apache IP address returns the requested web page files to nginx IP address and nginx in turn returns the requested web page files to the client IP address.

Hosting a WCF service over internet with DNS

I have a wcf service which work locally and within the network when used with the server name, this service needs to work on the internet to others outside the network to consume. I am currently hosting it on IIS. what will I need to make it available on the internet ? Do I need a DNS and SSL ? I am not sure what is required. Could somebody please let me know.
If your web service is going to be open to the public, i.e. on the internet, then you will need a domain or at least have your IP mapped to a name in DNS accessible to the public, this would require that you are self hosting the sight on you own server and have a static IP address accessible outsite your network.
Typically you would run a DNS to map your web service's IP to a domain name. However if you are going through a hosting provider they will most likely do that part for you.
Anything public facing, I would recommend using SSL over HTTPS. If the service will only be accessible to certain people, then you could use several of the different types of authentication, certificates, username/password, or tokens. There are lots of things to consider like firewalls etc.
Here some maybe helpful links to get you started:
SSL in IIS
How do I host a wcf service on the internet?

Cloudflare blocks VB NET Web Requests

I'm trying to send a request and retrive an information from the website with my program using HttpWebRequest in VB .NET.
The problem is that since the website use Cloudflare, my requests returns an 503 Server Unavailable error.
What can i do to make the web requests works with Cloudflare?
Thank you,
My advice is you whitelist the IP of the server hosting the VB.NET code at a CloudFlare level. To do this, select your site in the CloudFlare admin panel, select Firewall > IP Firewall. Then simply whitelist your IP under Access Rules by adding it there (make sure to select whitelist instead of block).

Allow specific users from outside my intranet to access website

I have an intranet website setup at my house. I'm running under XAMPP. Everything works fine. I'd like to give access to specific users in order for them to test the website (private testing) instead of making it available to the internet. Specifically, I want specific users to have private access to my intranet website and others would be denied access to that site.
I already configured port forwarding on my router. What would be the extra steps I'd need to take?
if the testers have static IPs you can configure ACLs on your router or even on your Server.
if there are dynamic IPs you can create openVPN to your tester's site and use DDNS as remote peer's IP.
hope that helps!

To what does "ip filtering" refer in the context of user authentication?

I'm looking at a set of requirements for a web site and it lists, among other things:
User authentication - cookies and ip filtering
I understand what ip filtering is (forwarding or ignoring packets based on data such as packet type, source ip address, etc.), but how is this used to authenticate users?
The website has a list of blacklisted/whitelisted IP addresses, and denies access to everyone on the blacklist/not on the whitelist. E.g. users need to log into a gateway server whose IP is whitelisted, and can then access your site from there.
I guess it would be to ban a user by his IP address...