Dynamic IP Restrictions for IIS 7.0 – Beta

Today IIS team has released the Dynamic IP Restrictions Extension for IIS 7.0 – Beta. The Dynamic IP Restrictions Extension provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through Brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients who follow a pattern that could be conducive to one of such attacks. This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level.

Install the Dynamic IP Restrictions Beta Today!

Microsoft Dynamic IP Restrictions for IIS 7.0 – Beta (x86)

Microsoft Dynamic IP Restrictions for IIS 7.0 – Beta (x64)

If IIS already has IPv4 Address and IP restrictions module enabled then Dynamic IP Restrictions installer will need to un-install the existing module in order to continue the setup process. Note that the existing IPv4 configuration will be preserved while old module is removed and new module is installed.

Features

The Dynamic IP Restrictions includes these key features:

  • Blocking of IP addresses based on number of concurrent requests – If HTTP client makes many concurrent requests then that client’s IP address gets temporarily blocked.
  • Blocking of IP addresses based on number of requests over a period of time – If HTTP client makes many requests over short period of time then that client’s IP address gets temporarily blocked.
  • Various deny actions – it is possible to specify what response to return to an HTTP client whose IP address is blocked. The module can return status codes 403 and 404 or just drop the HTTP connection and do not return any response.
  • Logging of dynamically denied requests – all denied requests can be logged into a W3C formatted log file.
  • Displaying currently blocked IP addresses – a list of currently blocked IP addresses can be obtained by using IIS Manager or by using IIS RSCA API’s.
  • IPv6 – the module fully supports IPv6 addresses.

In additions to these features, the Dynamic IP Restrictions for IIS 7.0 provides the same functionality that exists in IIS 7.0 built-in IPv4 and Domain Restrictions. Because of that the Dynamic IP Restrictions is provided as a replacement for IPv4 and Domain Restrictions.

More information

Module walkthrough: http://learn.iis.net/page.aspx/548/using-dynamic-ip-restrictions/

Support forum: http://forums.iis.net/1043.aspx

3,282 views

ruslany on February 16th 2009 in Other

PoorFairAverageGoodExcellent (2 votes, average: 5.00 out of 5)

4 Responses to “Dynamic IP Restrictions for IIS 7.0 – Beta”

  1. Gravatar Imagejonathan responded on 20 Feb 2009 at 8:02 am #

    Hi.. Do you know if this (or something else) can be used for SQL Server? I see many repeated attempts from hackers trying to login into my SQL server and would like to block those IP addresses…

    Thanks!

  2. Gravatar Imageruslany responded on 20 Feb 2009 at 11:58 am #

    Jonathan, this module can be used only with IIS 7. It can help when there are hacking attempts on a web application that uses SQL Server as a backend. But it cannot help when there are hacking attempts performed directly against SQL Server.

  3. Gravatar ImageGlyn responded on 08 Apr 2010 at 1:53 am #

    Do you know if there’s something that does this for SQL server?

  4. Gravatar Imageruslany responded on 08 Apr 2010 at 10:01 am #

    Glyn: I do not know if there is something like this for SQL Server.

Trackback URI | Comments RSS

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

XML Markup: If You want to add XML code to the comment please XML encode it first, otherwise the code will not show up.

Recently Published Articles