[英]IIS IP Address restrictions subnet masks
I have the following ipv4 and ipv6 address ranges which I need to put into web.config to restrict access to them. 我有以下ipv4和ipv6地址范围,需要将它们放入web.config中以限制对它们的访问。
103.21.244.0/22
2400:cb00::/32
2a06:98c0::/29
Is this the right way? 这是正确的方法吗? The thing I am unsure about is how to treat the subnet masks.
我不确定的是如何处理子网掩码。 I used https://www.tunnelsup.com/subnet-calculator/ to calculate the appropriate masks.
我使用https://www.tunnelsup.com/subnet-calculator/来计算适当的掩码。 As it's not possible to test this until my production site goes down I need to know in advance if I have done the right thing.
由于在生产现场关闭之前无法进行测试,因此我需要事先知道我是否做对了。
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound" xdt:Transform="Insert">
<clear/>
<add ipAddress="103.21.244.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="2400:cb00::" subnetMask="FFFF:FFFF::" allowed="true"/>
<add ipAddress="2a06:98c0::" subnetMask="FFFF:FFF8::" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
The easiest way is to enter the /xx
bits in subnetMask
. 最简单的方法是在
subnetMask
输入/xx
位。 Like so: 像这样:
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="10.46.0.0" subnetMask="16" allowed="true" />
<add ipAddress="2001:44b8:3168:9b::" subnetMask="56" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
I picked this up by entering an IPv6 address in IIS Manager, then looking at the configuration in C:\\Windows\\System32\\inetsrv\\Config\\applicationHost.config
. 我在IIS管理器中输入IPv6地址,然后在
C:\\Windows\\System32\\inetsrv\\Config\\applicationHost.config
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.