I'd like to make my website accessible only by a few IP addresses. I've added the <ipSecurity>
tag but it seems to get ignored.
This is my current config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers>
<remove name="PHP" />
<add name="PHP" path="*.php" verb="*" modules="CgiModule" scriptProcessor="C:\PHP\5.4.0\php-cgi.exe" resourceType="File" requireAccess="Script" />
</handlers>
<defaultDocument>
<files>
<remove value="index.htm" />
<remove value="index.html" />
<remove value="index.asp" />
<add value="index.html" />
<add value="index.php" />
<add value="index.asp" />
</files>
</defaultDocument>
<httpErrors errorMode="Detailed" />
</system.webServer>
<location path="Default Web Site">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="79.1.2.3" />
</ipSecurity>
</security>
</system.webServer>
</location>
</configuration>
But the site is accessible by everywhere.
If I add the <security>
block inside <system.webServer>
then no IP can see the site, not even the one listed, by getting 403.
What's wrong?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.