Restricting IIS

Hi,

How do you go about restricting IIS to only be available to your own network or computer?

In the Application Monitor I have a rule in there for inetinfo for both TCP/UDP in and out with the port set to any and the destination set to Zone [Local Area Network]. However, I am still getting attempts from the internet of people who are trying to view my web server, and if I create a rule to block it, it blocks everything including my local zone rule?

Hi, Arkava!

The only thing I can think of right now is to solve this problem on the packet rules level. I would delete my application rules related to this first, and then make a Netmonitor (=packets) rule with the Source address[es] (range) and the Destination address[es] (range) defined, ‘Allow TCP/UDP In for such and such addresses’ and ‘Log’ (check ‘create an alert when this rule is fired’). If you have never adjusted the Netmonitor rules, then ‘TCP/UDP Out’ is already defined by default for all addresses, so I don’t think you need such a rule on the packet level.

The last default IP Block rule should take care of the rest. Now you are ready to set your application rules, because even if you make a mistake by allowing something In you shouldn’t have allowed, the packet rule will block the ‘wrong’ (=undefined) addresses.

Paul Wynant
Moscow, Russia
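
A simplified model of the layering described in the reply above, added here as an illustration and not taken from the firewall or from either poster. It assumes packet rules are checked top-down with the first match winning, and that an inbound connection must pass both the packet rules and the application rule; the addresses, rule list and function names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class PacketRule:
    action: str       # "allow" or "block"
    direction: str    # "in", "out" or "any"
    source: str       # CIDR range of source addresses
    destination: str  # CIDR range of destination addresses


# Constructed sample values: 192.168.1.0/24 stands in for the local network.
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"

# Order matters in this model: the first matching rule decides.
PACKET_RULES = [
    PacketRule("allow", "out", ANY, ANY),  # default 'TCP/UDP Out' for all addresses
    PacketRule("allow", "in", LAN, LAN),   # added 'Allow TCP/UDP In' for defined ranges
    PacketRule("block", "any", ANY, ANY),  # last default IP block rule
]


def packet_verdict(direction, src, dst, rules=PACKET_RULES):
    """Return the action of the first packet rule that matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (rule.direction in (direction, "any")
                and s in ipaddress.ip_network(rule.source)
                and d in ipaddress.ip_network(rule.destination)):
            return rule.action
    return "block"  # nothing matched: treat as blocked


def inbound_allowed(src, dst, app_rule_allows):
    """Inbound traffic reaches the application only if both layers allow it."""
    return packet_verdict("in", src, dst) == "allow" and app_rule_allows


if __name__ == "__main__":
    server = "192.168.1.10"
    # An over-permissive application rule (True) is used for every case.
    for src in ("192.168.1.20", "203.0.113.7"):
        print(src, "->", server, inbound_allowed(src, server, True))
```

The internet source is stopped by the packet layer even though the application rule would have allowed it, which is the safety margin the reply describes.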