Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How do I block sites from accessing IIS webserver

01 Aug 2009   #1

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 
How do I block sites from accessing IIS webserver

Hi guys
Not sure if question should be here or in Networking

Is there a way of BLOCKING some incoming sites from possibly accessing your web servers. Note this is for a HOME webserver with a bog standard home router -- so no corporate type of hardware firewall etc.

Using Windows 7 X-64 build 7137 with latest IIS server installed

Looking at the Router log I see some entries like this I've blanked out the destination for obvious reasons)

TCP Packet - Source:125.65.165.139,12200 Destination:- [Web Server rule match]
Thu, 2009-07-30 09:43:03 - TCP Packet - Source:222.208.183.218,12200 Destination: - [Web Server rule match]
Thu, 2009-07-30 10:45:54 - TCP Packet - Source:222.208.183.218,12200 Destination:- [Web Server rule match]
Thu, 2009-07-30 11:49:15 - TCP Packet - Source:222.208.183.218,12200 Destination: - [Web Server rule match]
Thu, 2009-07-30 11:59:33 - TCP Packet - Source:125.65.165.139,12200


The IP 's found from the WHOIS IP site are

125.65.165.139 - Geo InformationIP Address125.65.165.139Host125.65.165.139Location CN, ChinaCityChengdu, 32 -OrganizationCHINANET Sichuan province networkISPCHINANET Sichuan province networkAS NumberAS4134 No.31,Jin-rong Street


and
222.208.183.218 - Geo InformationIP Address222.208.183.218Host222.208.183.218Location CN, ChinaCityChengdu, 32 -OrganizationCHINANET Sichuan province networkISPCHINANET Sichuan province networkAS NumberAS4134 No.31,Jin-rong Street


Any network gurus out there -- what do I need to do now if anything

BTW it doesn't look like they've logged on or anything -- decent passwords / firewalls / closed ports and router remote facility is turned off.

Cheers
jimbo

My System SpecsSystem Spec
.

01 Aug 2009   #2

 
 

Hi Jimbo,

I'm no IIS/network/security guru but can't you set your router to deny certain Sites/IP addresses from 'passing' through your router?

For example:
Name:  Capture.PNG
Views: 50
Size:  39.3 KB

Sorry, only think I can think of


My System SpecsSystem Spec
01 Aug 2009   #3

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Hi there
I think the Router allows you to block users on your OWN site from accesssing specific web sites so for example you can prevent kids from having access to undesirable sites (Porn etc etc).

What I want is the OTHER way round - block certain IP addresses from accessing mi IIS server.

More expensive (Commercial type) routers seem to allows this but I can't seem to do ir with a cheap "Domestic" type router.

With security being more of an issue now I really think this feature should be implemented IN THE ROUTER.

Whatever one thinks of AV software and firewalls IMO it would also be helpful to block certain IP addresses from being able to attempt to logon in the first place.

I've changed the default IIS port but that won't stop a determined person from trying all possible ports -- would delay them a bit -- and I change it once a week in any case.

I'm not an expert at all in this stuff especially Windows networking although I have used an apache server on a linux box where you can configure "Black Lists" of domains and IP addresses.

Maybe the Forum software might have some idea as they can obviously ban people and know their IP addresses.

Cheers
jimbo
My System SpecsSystem Spec
.


01 Aug 2009   #4

Win 8 Release candidate 8400
 
 

Jim

My linksys does have site blocking by either url, or ip. Im not sure how many sites it would allow but. could also block by country suffix, (ie cn) or ip range.

Ken
My System SpecsSystem Spec
01 Aug 2009   #5

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Quote   Quote: Originally Posted by zigzag3143 View Post
Jim

My linksys does have site blocking by either url, or ip. Im not sure how many sites it would allow but. could also block by country suffix, (ie cn) or ip range.

Ken
Hi there
can you check that because I think that the Router will block those sites from being accessed by computers INSIDE your network.


I want to block those IP addresses from acessing my site from OUTSIDE the router (I.E from the "Public Internet")

My router can block sites / IP addresses but only it seems to prevent computers on the network from acessing those sites.

I tested with a 2nd (DIFFERENT) network -- I blocked the IP address via the router -- that worked as I couldn't access the home page on the server on the 2nd network but it didn't stop the computer from the 2nd network from accessing the home page of the IIS server on the computer of the FIRST network -- i.e I couldn't block an INWARD request from the "general Internet".

Cheers
jimbo
My System SpecsSystem Spec
01 Aug 2009   #6

Win 8 Release candidate 8400
 
 

Quote   Quote: Originally Posted by jimbo45 View Post
Hi there
can you check that because I think that the Router will block those sites from being accessed by computers INSIDE your network.


I want to block those IP addresses from acessing my site from OUTSIDE the router (I.E from the "Public Internet")

My router can block sites / IP addresses but only it seems to prevent computers on the network from acessing those sites.

I tested with a 2nd (DIFFERENT) network -- I blocked the IP address via the router -- that worked as I couldn't access the home page on the server on the 2nd network but it didn't stop the computer from the 2nd network from accessing the home page of the IIS server on the computer of the FIRST network -- i.e I couldn't block an INWARD request from the "general Internet".

Cheers
jimbo
Jim
You absolutely correct. I understood what you wanted but when I went to look it didnt specify in my router. Your router is nat right? so is your chinese net touching the router but not the pc's inside? On a commercial router (I dont have one home either) it shouldn't pass a request/packet from an outside site without having a request from a browser ( or other app) inside.

Just rying to get my head around how you could do this

Ken
My System SpecsSystem Spec
01 Aug 2009   #7

 

How you go about securing the website depends how how accessible you want it to be. Is it just for 1 or 2 people from set networks or a group of people on different networks or the whole internet. If it's just from certain people you could allow just there IP's through the router. If it starts getting more complicated then the rules on the homer router may not be enough and you would have to look at a software firewall on the PC.
My System SpecsSystem Spec
Reply

 How do I block sites from accessing IIS webserver




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:01 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33