Setting IP Security Using ADSI

There are different ways to restrict clients from viewing resources on an IIS server. Resources can be configured to authorize access only to clients who use certificates, or to specific authenticated client user names, or to specific IP addresses or DNS host names.

This topic provides examples to configure IIS to restrict client access based on IP addresses or DNS host names. Each example modifies the IPSecurity metabase property, which can be configured for a service, a site, a virtual directory, or a Web file.

Using ADSI in VBScript

The following example shows you how to use the VBScript scripting language to set an IP restriction on the default Web site and display the restrictions contained in the IPSecurity metabase property.

This example uses ADSI. For an example that uses System.DirectoryServices, see Setting IP Security Using System.DirectoryServices.

' Set up variables. 
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root") 
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity 

Dim IPList 
IPList = Array() 

' If GrantByDefault is True, you can only use IPDeny and DomainDeny. 
If True = IIsIPSecurityObj.GrantByDefault Then 

  ' Insert a new restriction. 
  IPList = IIsIPSecurityObj.IPDeny 
  If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied") 
  Redim IPList (Ubound(IPList)+1) 
  IPList (Ubound(IPList)) = "," 

  ' Set the new lists back in the metabase in two stages, and then save   
  ' the metabase. 
  IIsIPSecurityObj.IPDeny = IPList 
  IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj 
  WScript.Echo("The IPRestriction has been set") 

  ' Display the IP restrictions. 
  Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity 
  IPList = IIsIPSecurityObj.IPDeny 
  WScript.Echo("These IP addresses are denied:") 
  For Each IP In IIsIPSecurityObj.IPDeny  

End if