IPSecuritySection Class
Configures access to Web server content based on IP address-related information.
Syntax
class IPSecuritySection : ConfigurationSectionWithCollection
Methods
The following table lists the methods exposed by the IPSecuritySection class.
| Name | Description |
|---|---|
| Add | (Inherited from ConfigurationSectionWithCollection.) |
| Clear | (Inherited from ConfigurationSectionWithCollection.) |
| Get | (Inherited from ConfigurationSectionWithCollection.) |
| GetAllowDefinition | (Inherited from ConfigurationSection.) |
| GetAllowLocation | (Inherited from ConfigurationSection.) |
| Remove | (Inherited from ConfigurationSectionWithCollection.) |
| RevertToParent | (Inherited from ConfigurationSection.) |
| SetAllowDefinition | (Inherited from ConfigurationSection.) |
| SetAllowLocation | (Inherited from ConfigurationSection.) |
Properties
The following table lists the properties exposed by the IPSecuritySection class.
| Name | Description |
|---|---|
AllowUnlisted |
A read/write boolean value. true if access is granted to IP address, domain name, and subnet mask combinations not specified in the IPAddressFilters property; otherwise, false. The default is true. This property is processed last in ordering. Note: If you are using the local host address (127.0.0.1) and the AllowUnlisted property is set to false, users will be denied access unless 127.0.0.1 is specified as an IPSecurity entry with its Allowed property set to true. |
EnableReverseDNS |
A read/write boolean value. true if a reverse DNS lookup is performed to verify the domain name to which an IP address resolves; otherwise, false. The default is false. Note: When this property is enabled, IIS must resolve the DNS name of each client IP address. A single DNS lookup may require several seconds, and IIS is required to wait until the domain name can be verified. You should take this behavior into consideration when planning large-scale implementations. |
IpSecurity |
An array of read/write IPAddressFilterElement values that specify IP address, domain name, and subnet mask combinations to which access is granted or denied. Note: The entries in this property are processed in order. A best practice is to place the entries to be denied first in the list. |
Location |
(Inherited from ConfigurationSection.) A key property. |
Path |
(Inherited from ConfigurationSection.) A key property. |
SectionInformation |
(Inherited from ConfigurationSection.) |
Subclasses
This class contains no subclasses.
Remarks
In IIS 6.0, URLs were granted or denied individually. However, in IIS 7, access rules are inherited and their semantics are merged to determine final access, which is why the ordering of rules is important.
Example
The following example displays IPSecuritySection settings for the default Web site.
' Connect to the WMI WebAdministration namespace.
Set oWebAdmin = _
GetObject("winmgmts:root\WebAdministration")
' Get the IP security section for the default Web site.
Set oSite = oWebAdmin.Get("Site.Name='Default Web Site'")
oSite.GetSection "IPSecuritySection", oSection
' Display the Path and Location properties.
WScript.Echo "=============================="
WScript.Echo "IP Security Section Properties"
WScript.Echo "=============================="
WScript.Echo "Path: " & oSection.Path
WScript.Echo "Location: " & oSection.Location
WScript.Echo
' Display the AllowUnlisted and
' EnableReverseDns properties.
WScript.Echo "AllowUnlisted: " & oSection.AllowUnlisted
WScript.Echo "EnableReverseDns: " & _
oSection.EnableReverseDns
WScript.Echo
' Display the IP and domain restrictions.
WScript.Echo "--------------------------"
WScript.Echo "IP and domain restrictions"
WScript.Echo "--------------------------"
For Each oIPAddressFilter In oSection.IpSecurity
WScript.Echo "IpAddress: " & oIPAddressFilter.IpAddress
WScript.Echo "DomainName: " & _
oIPAddressFilter.DomainName
WScript.Echo "SubnetMask: " & _
oIPAddressFilter.SubnetMask
WScript.Echo "Allowed: " & oIPAddressFilter.Allowed
WScript.Echo
Next
Inheritance Hierarchy
ConfigurationSectionWithCollection
IPSecuritySection
Requirements
| Type | Description |
|---|---|
| Client | - IIS 7.0 on Windows Vista - IIS 7.5 on Windows 7 - IIS 8.0 on Windows 8 - IIS 10.0 on Windows 10 |
| Server | - IIS 7.0 on Windows Server 2008 - IIS 7.5 on Windows Server 2008 R2 - IIS 8.0 on Windows Server 2012 - IIS 8.5 on Windows Server 2012 R2 - IIS 10.0 on Windows Server 2016 |
| Product | - IIS 7.0, IIS 7.5, IIS 8.0, IIS 8.5, IIS 10.0 |
| MOF file | WebAdministration.mof |
See Also
ConfigurationSectionWithCollection Class
IPAddressFilterElement Class
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for