Unlike most Web servers, I need mine open to a select set of single and range IP addresses, on port 80 only. When these addresses are entered into the firewall and the IIS 5.0 IP address and domain name restrictions (where all IPs are DENIED ACCESS except those listed), then my users are not able to get to the Web site. However, if the Web site is open to all traffic, all ports at the firewall, and restricted at the IIS server in the same manner as above, then they are able to get to the Web site. Any thoughts as to why this could be happening?
The only conclusion that I can come to is that some sort of verification is taking place between my server and the requesting IP that is occurring on something other than port 80. Does this make sense?
First, if your Web servers are accessed by a "set of single and range IP addresses" only, then consider changing the default port of 80 to a unique port (see http://www.iana.org/assignments/port-numbers) at a minimum. Second, properly configure your router ACLs and firewall policy to allow only the (above) IPs through. Your Web servers should not be running an FTP server, Telnet server, SMTP server, etc. Third, make sure that TCP/IP filtering is properly set on your Web servers. The culprit exists in an improper 1) firewall rule, 2) Web server IP filtering, or 3) static translation statement.
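One way to check the first two suspects named in the answer, as an added example that is not part of the original answer: normalize the firewall allow list and the IIS allow list and report any addresses one layer permits and the other does not. The list contents are constructed, and `to_intervals` and `missing_from` are hypothetical helper names.

```python
import ipaddress

# Constructed sample lists. IIS entries use network ID + subnet mask,
# firewall entries use CIDR; both may also hold single IPs or lo-hi ranges.
IIS_LIST = ["192.0.2.10", "198.51.100.0/255.255.255.0", "203.0.113.16-203.0.113.31"]
FW_LIST = ["192.0.2.10", "198.51.100.0/25", "203.0.113.16/29"]

def to_intervals(entries):
    """Normalize entries to sorted, merged (low, high) integer intervals."""
    spans = []
    for entry in entries:
        if "-" in entry:
            lo, hi = (int(ipaddress.IPv4Address(x.strip())) for x in entry.split("-"))
        else:
            net = ipaddress.IPv4Network(entry, strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        spans.append((lo, hi))
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
        else:
            merged.append((lo, hi))
    return merged

def missing_from(a, b):
    """Return ranges covered by list a but not by list b, as 'lo-hi' strings."""
    gaps = []
    b_spans = to_intervals(b)
    for lo, hi in to_intervals(a):
        cur = lo
        for blo, bhi in b_spans:
            if bhi < cur or blo > hi:
                continue  # no overlap with the part still unaccounted for
            if blo > cur:
                gaps.append((cur, blo - 1))
            cur = max(cur, bhi + 1)
        if cur <= hi:
            gaps.append((cur, hi))
    return [f"{ipaddress.IPv4Address(s)}-{ipaddress.IPv4Address(e)}" for s, e in gaps]

if __name__ == "__main__":
    # Clients in these ranges pass IIS but are dropped at the firewall.
    print("Allowed by IIS, blocked at firewall:", missing_from(IIS_LIST, FW_LIST))
    print("Allowed by firewall, blocked at IIS:", missing_from(FW_LIST, IIS_LIST))
```

If both directions come back empty, the two lists agree and the remaining suspect from the answer is the static translation statement, since the firewall may be matching a different source or destination address than the one IIS sees.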
Related Q&A from Retired Expert - Luis Medina