Configuring router ACLs and firewall policy
Unlike most Web servers, I need mine open to a select set of single and range IP addresses, on port 80 only. When these addresses are entered into the firewall and the IIS 5.0 IP address and domain name restrictions (where all IPs are DENIED ACCESS except those listed), then my users are not able to get to the Web site. However, if the Web site is open to all traffic on all ports at the firewall, and restricted at the IIS server in the same manner as above, then they are able to get to the Web site. Any thoughts as to why this could be happening?

The only conclusion that I can come to is that some sort of verification is taking place between my server and the requesting IP that is occurring on something other than port 80. Does this make sense?

First, if your Web servers are accessed by a "set of single and range IP addresses" only, then consider changing the default port of 80 to a unique port (see http://www.iana.org/assignments/port-numbers) at a minimum. Second, properly configure your router ACLs and firewall policy to only allow the (above) IPs through. Your Web servers should not be running an FTP server, Telnet server, SMTP server, etc. Third, make sure that TCP/IP filtering is properly set on your Web servers. The culprit exists in an improper 1) firewall rule, 2) Web server IP filtering, or 3) static translation statement.
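An added example, not part of the original question or answer, of the allowlist check the answer's second point calls for: it expands single hosts, inclusive ranges and CIDR blocks into the exact networks a firewall needs, evaluates a source address and destination port against a port-80-only default-deny policy, lists which user addresses such a policy would silently lock out, and renders the result as Cisco IOS extended ACL entries. All addresses, the ACL number and the server address are constructed sample values.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample allowlist, written the way an administrator would
# hand it to a firewall: single hosts, inclusive ranges and CIDR blocks.
ALLOWED_ENTRIES = [
    "198.51.100.7",               # single host
    "203.0.113.10-203.0.113.25",  # inclusive range, not aligned to a mask
    "192.0.2.0/28",               # already a CIDR block
]
WEB_SERVER = "198.51.100.200"     # constructed Web server address
WEB_PORT = 80

Rule = Tuple[ipaddress.IPv4Network, int]


def expand_entry(entry: str) -> List[ipaddress.IPv4Network]:
    """Turn a host, CIDR block or 'first-last' range into exact CIDR blocks."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        # A range that does not sit on a mask boundary needs several blocks;
        # typing it as one network/mask is a classic "improper firewall rule"
        # that denies the addresses beyond the first block.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(entry, strict=False)]


def build_policy(entries: Iterable[str], port: int = WEB_PORT) -> List[Rule]:
    """Default-deny allowlist as (source network, destination port) pairs."""
    return [(net, port) for e in entries for net in expand_entry(e)]


def is_permitted(policy: List[Rule], src_ip: str, dst_port: int) -> bool:
    """Evaluate one inbound connection attempt; anything unmatched is denied."""
    src = ipaddress.IPv4Address(src_ip)
    return any(src in net and dst_port == port for net, port in policy)


def uncovered_users(policy: List[Rule], user_ips: Iterable[str]) -> List[str]:
    """Troubleshooting step: which user addresses cannot reach port 80 at all?"""
    return [ip for ip in user_ips if not is_permitted(policy, ip, WEB_PORT)]


def acl_lines(policy: List[Rule], server: str = WEB_SERVER, number: int = 101) -> List[str]:
    """Render the policy as Cisco IOS extended ACL entries (wildcard masks)."""
    lines = [f"access-list {number} permit tcp {net.network_address} {net.hostmask} "
             f"host {server} eq {port}" for net, port in policy]
    lines.append(f"access-list {number} deny ip any host {server}")
    return lines
```

Run `uncovered_users(build_policy(ALLOWED_ENTRIES), your_user_ips)` against the addresses your users actually connect from; any address it returns is being dropped by the firewall rule, not by IIS.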

This was first published in May 2003