Setting IP Security Using ADSI
There are different ways to restrict clients from viewing resources on an IIS server. Resources can be configured to authorize access only to clients who use certificates, or to specific authenticated client user names, or to specific IP addresses or DNS host names.
This topic provides examples to configure IIS to restrict client access based on IP addresses or DNS host names. Each example modifies the IPSecurity metabase property, which can be configured for a service, a site, a virtual directory, or a Web file.
Using ADSI in VBScript
The following example shows you how to use the VBScript scripting language to set an IP restriction on the default Web site and display the restrictions contained in the IPSecurity metabase property.
This example uses ADSI. For an example that uses System.DirectoryServices, see Setting IP Security Using System.DirectoryServices.
' Set up variables. Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root") Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity Dim IPList IPList = Array() ' If GrantByDefault is True, you can only use IPDeny and DomainDeny. If True = IIsIPSecurityObj.GrantByDefault Then ' Insert a new restriction. IPList = IIsIPSecurityObj.IPDeny If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied") Redim IPList (Ubound(IPList)+1) IPList (Ubound(IPList)) = "126.96.36.199,255.255.255.0" ' Set the new lists back in the metabase in two stages, and then save ' the metabase. IIsIPSecurityObj.IPDeny = IPList IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj IIsWebVirtualDirObj.Setinfo WScript.Echo("The IPRestriction has been set") ' Display the IP restrictions. IIsWebVirtualDirObj.Getinfo Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity IPList = IIsIPSecurityObj.IPDeny WScript.Echo("These IP addresses are denied:") For Each IP In IIsIPSecurityObj.IPDeny WScript.Echo(IP) Next End if