Restrict access to Web sites

Applies To: Windows Server 2008 R2

You can authorize access to the content on your Web site in two ways. If your site uses an authentication method that identifies its users, you can set up authorization rules that allow access to some users and deny access to others. If you want to authorize access based on domain names or an IP address space, you can use IP and domain restriction rules to allow access to some domains and deny access to others. You can mix and match these rules to configure an authorization scheme that provides the best level of security for your content.


The Authorization Rules and IPv4 and Domain Restrictions features are not installed by default. If you want to use either of these features, you must first install them.

  Step Reference

Read an overview of how to set up an authorization strategy.

Overview of IIS Authorization Features

Install IPv4 and Domain Restriction and Authorization Rules using the Add Role Services Wizard from Server Manager.

Installing IIS

Use IIS 7 to configure Authorization Rules.

Configure Authorization Rules

Use IIS 7 to configure IPv4 and Domain Restrictions.

Configure IPv4 Address and Domain Restrictions

See Also

Other Resources

Web Server on Tech Center (online)