阻塞IIS改写IP地址
[英]Blocking IIS rewrite by IP address
问题描述
I have been using Win Server 2008 running IIS 7 as a reverse proxy server which allows me to have multiple web servers behind a single public IP address.
我一直在使用运行 IIS 7 的 Win Server 2008 作为反向代理服务器,它允许我在单个公共 IP 地址后面拥有多个 web 服务器。 I have configured IIS 7 with rewrite rules for each of the web servers like this:我已经为每个 web 服务器配置了 IIS 7 重写规则,如下所示:
{HTTP_HOST} Matches the pattern (domain_A.com) Rewrite http://<Server #1 IP>/{R:1}
Surprisingly, this works.令人惊讶的是,这有效。
I'd like to employ IIS ipSecurity to create deny rules that block the rewrite rules for various IP addresses (a poor man's firewall).我想使用 IIS ipSecurity 创建拒绝规则来阻止各种 IP 地址(穷人的防火墙)的重写规则。 I tried adding deny rules to the ipSecurity section of applicationHost.config like this:我尝试将拒绝规则添加到 applicationHost.config 的 ipSecurity 部分,如下所示:
<ipSecurity allowUnlisted="true"> <add ipAddress="1.0.0.0" su.netMask="8" allowed="false" /> </ipSecurity>
The rewrite rules are still triggering for my denied IP addresses, so I suspect that IIS is processing rewrite before ipSecurity.重写规则仍在为我拒绝的 IP 地址触发,所以我怀疑 IIS 在 ipSecurity 之前处理重写。
Is there a way to configure IIS rewrite so that it obeys the deny rules in ipSecurity?有没有办法配置 IIS 重写,使其遵守 ipSecurity 中的拒绝规则?
1 个解决方案
解决方案1
0 2022-02-18 03:11:32
You could try adding a condition to the rule that retrieves the host header value by reading the server variable {HTTP_HOST}, matches it against the pattern "domain_A.com", and then negates the result of matching.您可以尝试在规则中添加一个条件,通过读取服务器变量 {HTTP_HOST} 来检索主机 header 值,将其与模式“domain_A.com”进行匹配,然后否定匹配结果。
<rule name="Fail bad requests">
<match url=".*"/>
<conditions>
<add input="{HTTP_HOST}" pattern="domain_A.com" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
More information you can refer to this link: Creating an access block rule .更多信息您可以参考此链接: 创建访问阻止规则。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.