IP Restriction Configuration

This page explains how to configure your web server to correctly work with IP Restrictions. To implement the restrictions completely, the system will create and manage web.config files within the digital resource file system (i.e., content by default). However, this requires some additional IIS configuration since IIS does not allow IP restrictions to be set by child web.config files.

The instructions below show to configure your web server to allow this method of file locking/restrictions.

Using IIS Manager to allow IP Restrictions

Launch IIS and select Feature Delegation on the root web server. You will see that IPv4 Address and Domain Restrictions is set to Read Only by default.

Figure 1: Default Value for delegation of IP Restriction feature in IIS7

To allow IP restrictions to be implemented correctly, you will need to change this value to Read/Write, thus allowing subordinate web.config files to manage the IP Restriction information.

Figure 2: Correct Value for delegation of IP Restriction feature in IIS7

This change will take affect immediately.

Using AppCmd to allow IP Restrictions

You should also be able to use AppCmd to allow this feature delegation, although this is not tested. The commands should be something like:

            set path=%path%;%windir%\system32\inetsrv
            appcmd unlock config –section:ipSecurity

For more information on this, see: An Overview of Feature Delegation in IIS 7.0