IIS IP Address restrictions subnet masks
Question
I have the following ipv4 and ipv6 address ranges which I need to put into web.config to restrict access to them.
103.21.244.0/22
2400:cb00::/32
2a06:98c0::/29
Is this the right way? The thing I am unsure about is how to treat the subnet masks. I used https://www.tunnelsup.com/subnet-calculator/ to calculate the appropriate masks. As it's not possible to test this until my production site goes down I need to know in advance if I have done the right thing.
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound" xdt:Transform="Insert">
<clear/>
<add ipAddress="103.21.244.0" subnetMask="255.255.252.0" allowed="true"/>
<add ipAddress="2400:cb00::" subnetMask="FFFF:FFFF::" allowed="true"/>
<add ipAddress="2a06:98c0::" subnetMask="FFFF:FFF8::" allowed="true"/>
</ipSecurity>
</security>
</system.webServer>
1 answers
solution1
1 2018-01-04 07:05:50
The easiest way is to enter the /xx bits in subnetMask . Like so:
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="10.46.0.0" subnetMask="16" allowed="true" />
<add ipAddress="2001:44b8:3168:9b::" subnetMask="56" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
I picked this up by entering an IPv6 address in IIS Manager, then looking at the configuration in C:\\Windows\\System32\\inetsrv\\Config\\applicationHost.config .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.