Lock down a web site's allowable IP range to just one IP address [modified]
-
I’m developing a .NET/C# application software for an instrument which has a built-in PC (Core 2 CPU/2.66GZ/4GB RAM) and will have access to the Internet from behind the facility IT firewall. To support remote device maintenance via Intetnet using browser, I want to run a web site locally IIS hosted on the instrument PC. Apparently, this site is for authorized user only (could be anywhere on the Inernet). I know security is the major problem to deal with in this scenario. To reduce the surface of attach, can I lock down the allowable IP range to just one IP address where the service user is? This one IP address will be made configurable. Is this a viable approach to secure the web site with the least cost? Just googled that .htaccess file can be created in webroot to block IP ranges. Will this still allow scripts to access the site Sorry, .htaccess is available on Apache server only. What's equivalent on IIS?
modified on Saturday, June 19, 2010 10:19 PM
-
I’m developing a .NET/C# application software for an instrument which has a built-in PC (Core 2 CPU/2.66GZ/4GB RAM) and will have access to the Internet from behind the facility IT firewall. To support remote device maintenance via Intetnet using browser, I want to run a web site locally IIS hosted on the instrument PC. Apparently, this site is for authorized user only (could be anywhere on the Inernet). I know security is the major problem to deal with in this scenario. To reduce the surface of attach, can I lock down the allowable IP range to just one IP address where the service user is? This one IP address will be made configurable. Is this a viable approach to secure the web site with the least cost? Just googled that .htaccess file can be created in webroot to block IP ranges. Will this still allow scripts to access the site Sorry, .htaccess is available on Apache server only. What's equivalent on IIS?
modified on Saturday, June 19, 2010 10:19 PM
From IIS Manager; (This sequence is 2003 Server, but dare say others are similiar) 1) Right Click the Web Site and choose Properties 2) Select the Directory Security Tab 3) Click Edit in the IP Address and Domanin Name restrictions panel 4) Grant/Deny relevant domains/ip as required.
Dave Don't forget to rate messages!
Find Me On: Web|Facebook|Twitter|LinkedIn
Waving? dave.m.auld[at]googlewave.com -
From IIS Manager; (This sequence is 2003 Server, but dare say others are similiar) 1) Right Click the Web Site and choose Properties 2) Select the Directory Security Tab 3) Click Edit in the IP Address and Domanin Name restrictions panel 4) Grant/Deny relevant domains/ip as required.
Dave Don't forget to rate messages!
Find Me On: Web|Facebook|Twitter|LinkedIn
Waving? dave.m.auld[at]googlewave.com -
Is it possible to do it in code? e.g. after receiving an allowable IP address, place it somewhere in a config file?
-
Is it possible to do it in code? e.g. after receiving an allowable IP address, place it somewhere in a config file?