IIS/6 IP address and domain name restriction problem

  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

Here's something I just don't understand. In IIS/6 under the Directory Security tab in the IP address and domain name restriction section, if I click the Edit button and configured in the following way:

Denied access radio is clicked, and in the Except the following box, I add a single computer IP address in. This is IP address is the IP address of the server that hosts the web pages. Now, when I go back into the webpage, I could not access the page anymore.

Below is the error when I tried to access the page:

Code: [ Select ]
You are not authorized to view this page
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
--------------------------------------------------------------------------------

Please try the following:

Contact the Web site administrator if you believe you should be able to view this directory or page.
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)
  1. You are not authorized to view this page
  2. The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
  3. --------------------------------------------------------------------------------
  4. Please try the following:
  5. Contact the Web site administrator if you believe you should be able to view this directory or page.
  6. HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
  7. Internet Information Services (IIS)


Now my question is, why is this happening when the Except the following box, which is use to grant the specified IP address, is denying the exact IP address I typed in? Is this a bug in the IIS/6 design or is it just my error?

ljCharlie
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

ljcharlie - I just saw this. In case you haven't figured it out already, I think by doing what you did, you denied your workstation access. The way you did it only your server has access. You'll also need to add the IP of your workstation to the exception list.
  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

Thanks for the response. See? The problem is not even my server is able to access the page in IE. It doesn't matter what workstation IP address I put in, the IIS denies everything. So that is why I think it might be a bug.

ljCharlie
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Just out of curiosity, did you try localhost, or 127.0.0.1 for the server?
  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

I tried both. It didn't work.

ljCharlie
  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

I believed that if you tried that on your IIS/6 you would get the same thing....because I already tried three servers...two IIS/6 and one IIS/5. Although somehow I was able to get the IIS/5 server to work once but I'm not sure why this time it doesn't work either on IIS/5 or 6. By the way, I uncheck the Annonymous check box.

ljCharlie
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Unfortunately, I won't have version 6 until we upgrade to Win2k3 Server and that won't be for a month or so yet. I have to plan out the migration from Novell first.
  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

But the version 5 works for you? It used to work for me but somehow it doesn't work anymore. I mean there is not a lot of options to tweak. It's either denied and grant the following or grant and denied the following. If I typed in the ip address instead of localhost then a window popup for user name and password.

ljCharlie
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Never tried it. I have no need for that kind of security at the moment, since I'm the only one that knows the stuff actually exists.
  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

Well the reason I need to secure is because the IP address of the machine I'm working on is public and anyone can access it that is why I need to restrict for testing purposes. But appearantly it doesn't work.

ljCharlie
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I finally, had the chance to review it in IIS 5. Seems like a no-brainer. It should work exactly as you are doing it. Unfortunately it's impossible for me to test it further for you. This is my company's web server, and I can't set it to deny for obvious reasons. Sorry I can't help you more, but the way I'm reading it, it should work perfectly the way you are doing it.
  • ljCharlie
  • Proficient
  • Proficient
  • ljCharlie
  • Posts: 343

Post 3+ Months Ago

Many thanks for sticking to my issue. And yes, I would not want you to test on your company's live web server.

Again, many thanks!

ljCharlie

Post Information

  • Total Posts in this topic: 12 posts
  • Users browsing this forum: No registered users and 21 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.