Restricting access to a website by IP address range / domain
Question
I would like advice on the best way to restrict access to a weba pplication (using .net 2.0 and II6) based on the clients IP address. The two ways I am considering:
1) Through the server side code - check the client IP against a list of IP addresses within the web.config.
2) Through IIS by creating a virtual directory and restricting the IP addresses on this virtual directory.
My question is if I go the virtual directory route there are a lot of users that access this website and I have read reverse domain lookups made during each client request can be very expensive on server resources. How much of a risj is this?
Any other suggestions /ideas to doing this would be much appreciated
Thanks advance,
1 answers
solution1
0 2009-10-09 16:56:30
If you go the second route (virtual directory), there will not be any reverse lookups done unless you filter on domain names. If you are restricting by IP addresses (or ranges of addresses), this never comes into play.
See the bit at the bottom of this MS bulletin :
If you use domain name restrictions, the server has to perform a reverse DNS lookup for each request to check the host's registered domain name. Microsoft recommends that you use an IP address or network range whenever you can.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.