web.confing ipSecurity IP deny entries are not denied

AKha

1/23/24, 7:46 PM

Windows Server 2019 with IIS 10.

I'm trying to configure a list of "deny IP" entries in the IIS web.config (see below), but the IPs are not blocked. At the same time if we enter the same IPs manually, via the IIS Manager (IP Address and Domain Restriction feature), the IPs get blocked as expected.

The web.config is in the default location (the root folder for the Default Web Site) and is reduced to the very minimum, just to troubleshoot a single IP (expecting 69.122.29.94 to be blocked):

C:\inetpub\wwwroot\web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <location path="Default Web Site">
        <system.webServer>
            <security>
                <ipSecurity allowUnlisted="true">
                    <add ipAddress="69.122.29.94" subnetMask="255.255.255.255" allowed="false" />
                </ipSecurity>
            </security>
        </system.webServer>
    </location>
</configuration>

I cannot figure out what can be wrong? Thanks..

105

0 + 2

iis

web.config

deny

Lex Li

1/24/24, 4:26 PM

Then can you enable FRT https://learn.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshoot-with-failed-request-tracing and also use a tool like Wireshark to confirm the packets are not blocked?

AKha

1/24/24, 6:12 PM

@LexLi I don't need to debug code or data requests, I know IIS Manges config works while web.config does not, so it must be some configuration, not a problem with a handler. In your answer (now deleted) you suggested to use `%windir%\system32\inetsrv\config\applicationhost.config` - can you explain why (or why not to use web.config) and provide some references? Thanks..

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: web.confing ipSecurity IP deny entries are not denied

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.