Accessing IIS website from another device without creating an inbound rule - iis

I have deployed my Flask application on IIS using the IP address. I want to access this from another PC in the network. I have read about creating an inbound rule and allowing the access, but is there a safer way to do this?

In my opinion, you could use port 80, which is usually an open port.
If you want to use another port, you can set the firewall and select only Private in the profile:
After that, you could use IIS IP Address and Domain Restrictions to restrict IPs other than the remote machine's IP.
You can follow the steps below to allow connections from specific IP addresses:
1) Open IIS Manager.
2) In IIS Manager, expand SERVERNAME > Sites > click on the required website > double-click IP Address and Domain Restrictions.
3) Click Add Allow Entry... (on the right pane) to add an IP address or IP address range that will be allowed to access the website. Click OK.
4) Once the allowed IP addresses have been added, click Edit Feature Settings... and select Deny for Access for unspecified clients. Click OK.
Now, only users with the specified IP addresses are able to access the website.
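The firewall suggestion in this answer (a non-default port opened only on the Private profile), written as an added PowerShell example that is not part of the original answer. The port 8080, the client address 192.168.1.25 and the rule name are assumed values; the rule is additionally limited to that one client with -RemoteAddress.

```powershell
#Requires -RunAsAdministrator
# Added example: inbound rule limited to the Private profile and one client.

$Port     = 8080                                      # assumed site binding port
$ClientIp = '192.168.1.25'                            # assumed address of the other PC
$RuleName = 'IIS Flask site (Private, single client)' # hypothetical rule name

# The rule only applies while the active network is classified as Private,
# so check how Windows currently classifies each interface.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# Remove an earlier copy so re-running the script does not create duplicates.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow TCP to the site port from one remote address, Private profile only.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $Port -RemoteAddress $ClientIp -Profile Private | Out-Null

# Read the rule back: profile, port and remote address should match the values above.
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Profile       = $rule.Profile
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```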

Related

Issue with IP Addresses and Domain Restrictions in IIS

I have Windows Server 2019 with IIS 10 installed and IP and domain restrictions enabled. IP range: 10.0.0.1 => 10.0.0.240; domain name: lo-server.com.
The problem I am facing is this: when I add a local IP address (same IP as the server / same network, for example 10.0.0.66) to the deny list, it works perfectly and denies access.
But when I add an IP address outside the network (192.168.20.10), which is connected to a firewall (FortiGate, 10.0.0.200), the restriction doesn't work. I need to add the firewall IP to deny it, which I don't want to do because I'll block all the ranges that are connected to the firewall.
How can I deny access to another network without adding the firewall?
Microsoft considered the simplest case for you and implemented the so-called Proxy mode, which you might try out:
https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-dynamic-ip-address-restrictions#configuring-iis-for-proxy-mode
Deep down inside, it checks the x-forwarded-for header to see whether the incoming HTTP requests are coming through a proxy (the firewall in your case) and then applies the rules to decide whether to deny any request.
However, a real-world proxy can manipulate the incoming requests in too many ways, so the proxy mode might fail you and you will have to switch to something like the URL Rewrite module and write a more complicated rule to abort the desired requests.
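Proxy mode as described in this answer, applied with the WebAdministration module; this is an added example, not part of the original answer. It assumes the IP and Domain Restrictions role service is installed and that the site is named 'Default Web Site'; 192.168.20.10 is the client address from the question.

```powershell
#Requires -RunAsAdministrator
# Added example: enable proxy mode and deny one client that sits behind the firewall.
Import-Module WebAdministration

$Site   = 'Default Web Site'                      # assumed site name
$Root   = 'MACHINE/WEBROOT/APPHOST'               # write to applicationHost.config
$Filter = 'system.webServer/security/ipSecurity'
$Denied = '192.168.20.10'                         # address taken from the question

# Proxy mode: rules are also evaluated against the X-Forwarded-For header,
# not only against the TCP peer (which is the firewall, 10.0.0.200).
Set-WebConfigurationProperty -PSPath $Root -Location $Site -Filter $Filter `
    -Name enableProxyMode -Value $true

# Add the deny entry once; re-running the script must not duplicate it.
$existing = Get-WebConfiguration -PSPath $Root -Location $Site `
    -Filter "$Filter/add[@ipAddress='$Denied']"
if (-not $existing) {
    Add-WebConfiguration -PSPath $Root -Location $Site -Filter $Filter `
        -Value @{ ipAddress = $Denied; allowed = $false }
}

# Read the effective settings back for review.
[pscustomobject]@{
    EnableProxyMode = (Get-WebConfigurationProperty -PSPath $Root -Location $Site `
                          -Filter $Filter -Name enableProxyMode).Value
    Entries         = Get-WebConfiguration -PSPath $Root -Location $Site `
                          -Filter "$Filter/add" |
                          Select-Object ipAddress, subnetMask, allowed
}
```

The deny entry only matches if the firewall actually adds an X-Forwarded-For header carrying the original client address, and the header is only trustworthy when requests cannot reach IIS except through that firewall.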
You can use the IP Address and Domain Restrictions feature page to define and manage rules that allow or deny access to content for a specific IP address, a range of IP addresses, or a domain name or names.
Opens the Add Deny Restriction Rule dialog box from which you can define rules that allow access to content for a specific IP address, a range of IP addresses, or a DNS domain name.
For more information, you can refer to this link: IP Address and Domain Restrictions.

Host a webapi in IIS Express so it can only be accessed by a parent web application

I have 2 separate webapi apps and I want the 1st one to be a normal webapi app which can be accessed by anyone authorised over the internet. With the 2nd one, I need it to not be publicly accessible and only available to the 1st (so the 2nd app is 'nested' within the first somehow).
Could anyone please tell me how I can achieve this (the apps are hosted in IIS Express at present but will be in IIS for production)?
Many thanks
If you're concerned about security (and everyone should be), you can configure IIS to allow only specific computers, groups of computers or domains access to your Web site. Here's the procedure:
1) Open the IIS console and go to the Properties of your Web site.
2) Double-click IP Address and Domain Restrictions.
3) Click Add Allow Entry... (on the right pane) to add an IP address or IP address range which will be allowed to access the website. Click OK.
Repeat this step to add other IP addresses to the list.
Once allowed IP addresses have been added, click Edit Feature Settings... and select Deny for Access for unspecified clients. Click OK.
Now, only users with the specified IP addresses are able to access the website.
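The Add Allow Entry / Deny for unspecified clients procedure from this answer (the same steps appear in the first answer on this page), scripted as an added example that is not part of either original answer. The function name Set-IisIpAllowList, the site name InternalApi and the two addresses are hypothetical; it assumes the IP and Domain Restrictions role service is installed and that the first API reaches the second over 127.0.0.1 or from 10.0.0.15.

```powershell
#Requires -RunAsAdministrator
# Added example: allow-list a site and deny every client that is not listed.
Import-Module WebAdministration

function Set-IisIpAllowList {
    param(
        [Parameter(Mandatory)] [string]   $Site,
        [Parameter(Mandatory)] [string[]] $AllowedIp
    )
    $root   = 'MACHINE/WEBROOT/APPHOST'
    $filter = 'system.webServer/security/ipSecurity'

    # Reject malformed addresses before touching the configuration.
    foreach ($ip in $AllowedIp) { [void][System.Net.IPAddress]::Parse($ip) }

    # "Add Allow Entry...": add each address once.
    foreach ($ip in $AllowedIp) {
        $present = Get-WebConfiguration -PSPath $root -Location $Site `
            -Filter "$filter/add[@ipAddress='$ip']"
        if (-not $present) {
            Add-WebConfiguration -PSPath $root -Location $Site -Filter $filter `
                -Value @{ ipAddress = $ip; allowed = $true }
        }
    }

    # "Edit Feature Settings..." > Deny for unspecified clients. Done last,
    # so the allowed clients are never locked out halfway through.
    Set-WebConfigurationProperty -PSPath $root -Location $Site -Filter $filter `
        -Name allowUnlisted -Value $false

    # Return the resulting configuration for review.
    [pscustomobject]@{
        AllowUnlisted = (Get-WebConfigurationProperty -PSPath $root -Location $Site `
                            -Filter $filter -Name allowUnlisted).Value
        Entries       = Get-WebConfiguration -PSPath $root -Location $Site `
                            -Filter "$filter/add" |
                            Select-Object ipAddress, subnetMask, allowed
    }
}

# Hypothetical usage: only the first API's addresses may reach the second API.
Set-IisIpAllowList -Site 'InternalApi' -AllowedIp '127.0.0.1', '10.0.0.15'
```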

Why can't I use a port with my website domain name?

I have a registered domain name, www.aaaDomain.com, assigned to IP address xx.xx.xx.xx. I set up my site on IIS8 to use the IP address xx.xx.xx.xx and port 8020 for my website. I can connect to the website when I type xx.xx.xx.xx:8020 in a browser, but I cannot connect to the website when I use www.aaaDomain.com:8020.
Also, I have another website on this same server as my Default website. When I type just the domain name without the port number, my default website comes up (because DNS does not allow adding port numbers), just like when I type in the IP address without the port number.
What am I doing wrong?
Here is what my site binding looks like on IIS8.
As you already have an existing site running on the server, you should check your security settings on both the Windows firewall and any other security/firewall settings you have. It sounds like you have not opened the additional port which you have just configured in IIS.
Check to see if you can ping the new site by its domain name; that will verify that you have the correct DNS setup. You can also try to browse to it via the server console (or remote desktop). If that works, then it's a security setting somewhere blocking your access. Even if the ping request times out, it should still resolve the name to an IP address for you to check. You may find that ICMP is also blocked.
If you just changed your DNS record, be aware that you should wait up to 72 hours for the DNS to replicate after changing your DNS record.

Find the virtual IP address of a Shared Web App

I am trying to connect my custom domain (in my case it's through GoDaddy) to my Azure web app.
I have followed all the steps but I am missing the web app IP address to complete the process.
The tutorial found in Azure says:
To create an A record, you need the virtual IP address of your web app. To get the IP address:
1) In your browser, open the Azure Portal.
2) Click the Browse option on the left side of the page.
3) Click the Web Apps blade.
4) Click the name of your web app.
5) In the Essentials page, click All settings.
6) Click Custom domains and SSL.
7) In the Custom domains and SSL blade, click "Bring External Domains". The IP address is located at the bottom of this part.
...everything works well until the last step (#7). I see no "Bring external domains", nor any IP address.
Under "Properties", there is a section OUTBOUND IP ADDRESSES, that contains 4 IPs. None of them seems to redirect to my site (http://educa03.azurewebsites.net/).
How can I find this IP address needed for the A record?
At some point it seems that a bug crept in that has made the incoming IP address disappear from that page.
If you are on a plan that supports domain names, then the best way to find your external IP address is to ping it.
e:\PS>ping educa03.azurewebsites.net
Pinging waws-prod-am2-051.cloudapp.net [104.47.137.62] with 32 bytes of data:
So in this case your external IP address, which you can put in A records, is 104.47.137.62.
Any chance you're using a free tier app? If so, you need to upgrade to at least "Shared" to map the custom domain.

Sonicwall Access Rule - Limit Access to Specific IP

I have a SonicWall TZ200 and used the Wizard to create a port forwarding for PPTP, which is working great. Now, I want to limit the EXTERNAL IP addresses that can use this port forwarding rule so that it only allows connections from a couple of employees' static home IP addresses.
I created an Address Object for the external home IP address. Then I went to Access Rules WAN>LAN. For the PPTP rule I changed Allow Source to the Address Object for the home IP address.
But, I can still access the VPN from a different external IP address so it's obviously not blocking anything else.
What am I missing?
You need to set your NAT policy. The "Home" IP addresses are added at the "Original Destination" part of your policy.
