I am having a problem with the IIS 7 on a Win 2008 server. I only want to have access to it inside my network and denied access from anyone outside the network. I had created a rule to permit access to the group of computers with the IP: 192.168.0.1 (255.255.255.0). In the IIS6 this was enougth to prevent access of any IP that don't belong to the network. Any idea of how can I block these access? Thanks!
Use IP SeŃurity (IP Address and Domain restrictions role for IIS7) - it allows you to block a list of IP addresses.
Look at IP Security
The same rule should work in IIS7, you may need to install the component for IP Filtering though via the Role Manager.
In addition to the built-in request filtering, there is an addon for dynamic filtering -- http://www.iis.net/download/DynamicIPRestrictions
The rule should be: 192.168.0.0 (255.255.255.0)
to allow all clients on the 192.168.0.x network access.
First edit the configuration to deny all, then add this rule
Related
Is it possible to block website from DNS Level. Is it possible to create DNS server in windows server 2012?
I know you can do it pre-DNS pevel. Prior to DNS lookup, windows will check the hosts file for IP to domain mapping. You can set facebook.com to 192.168.1.1 and it will use that ip for facebook rather than looking it up in DNS, and thus blocking it. This would require modifying the host file on every machine you want to sensor though. Its a file in the system32 folder.
I am unable to connect to amazon ec2 instance (public domain) form office network. It works fine outside the office network.
Looks like something is getting blocked in the network. Not sure how to figure out or which logs need to be checked to find out what exactly is getting blocked.
Error Message:
ec2-54-218-186-23.us-west-2.compute.amazonaws.com took too long to respond.
Typically, if the connection takes too long to respond, the problem is due to the Security Group assigned to the instance. Check that it is allowing Inbound access from the entire Internet (0.0.0.0/0) on your desired port (Windows RDP port 3389, SSH port 80).
Of course, opening up access to the entire Internet is not good for security, so it is better to limit it to a smaller range of IP addresses, such as your corporate network and your home IP address.
Reason
Security groups enable you to control traffic to your instance, including the kind of traffic that can reach your instance. For example, you can allow computers from only your home network to access your instance using SSH. If your instance is a web server, you can allow all IP addresses to access your instance using HTTP or HTTPS, so that external users can browse the content on your web server.
Before You Start
Decide who requires access to your instance; for example, a single host or a specific network that you trust such as your local computer's public IPv4 address. The security group editor in the Amazon EC2 console can automatically detect the public IPv4 address of your local computer for you. Alternatively, you can use the search phrase "what is my IP address" in an internet browser, or use the following service: Check IP. If you are connecting through an ISP or from behind your firewall without a static IP address, you need to find out the range of IP addresses used by client computers.
Warning
If you use 0.0.0.0/0, you enable all IPv4 addresses to access your instance using SSH. If you use ::/0, you enable all IPv6 address to access your instance. This is acceptable for a short time in a test environment, but it's unsafe for production environments. In production, you authorize only a specific IP address or range of addresses to access your instance.
THE SOLUTION BEGINS HERE
Your default security groups and newly created security groups include default rules that do not enable you to access your instance from the Internet. To enable network access to your instance, you must allow inbound traffic to your instance. To open a port for inbound traffic, add a rule to a security group that you associated with your instance when you launched it.
Adding a Rule for Inbound SSH Traffic to a Linux Instance
In the navigation pane of the Amazon EC2 console, choose Instances. Select your instance and look at the Description tab; Security groups lists the security groups that are associated with the instance. Choose view rules to display a list of the rules that are in effect for the instance.
In the navigation pane, choose Security Groups. Select one of the security groups associated with your instance.
In the details pane, on the Inbound tab, choose Edit. In the dialog, choose Add Rule, and then choose SSH from the Type list.
In the Source field, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. For example, if your IPv4 address is 203.0.113.25, specify 203.0.113.25/32 to list this single IPv4 address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.
Choose Save.
You can find detailed solution here
I have a piece of code where an external API needs to access my "www" folder for images. When I load the url, "http://localhost:8001/images/1.jpg" from the browser, it does show the image. But when I access it through the code it says, "connection refused". I have turned off the firewall as well. I also tried using the IP address instead of the "localhost".That doesn't work either. Please help.
Remember the domain name localhost has a special meaning. It always means this PC, or more accurately this network cards loopback address.
I cannot access your PC from here using the domain name localhost, as it will always be looped back to my PC.
If you want an external site to make a call to your PC then there are a number of things you will have to do.
Buy yourself an domain name, you either buy a real one or use a Dynamic DNS service like dyndns.com or or noip.com
Or you use your routers WAN ip address.
Then you must amend the httpd.conf file so that Apache allows access
from all ipaddress's
Then you must Port Forward your Router so the the NAT firewall allows
external accesses on port 80 to be forwarded to the internal PC
running Apache, and only that PC.
And possibly amend your software firewall on the Apache PC to allow access from external sources on port 80
I have a domain www.rentcars.sg which is pointed to the right DNS server and verified by someone else and is working correctly: https://forums.aws.amazon.com/message.jspa?messageID=362885#362885
However, even though I setuped the domain correctly on the server with IIS, it's not working correctly.
Can anyone point me to the right direction? Is there any additional setup I need to make to get it working?
Server IP : 23.23.129.247
Using the internal IP, it works but not with the server ip with port/url.
I am not sure if I understand your problem, but my approach would be:
Allocating EC2 Elastic IP Address.
Associating such an address with your running EC2 instance.
Pointing your domain name to this IP address.
Adding inbound TCP rule for all IP sources (0.0.0.0/0) in Security Group settings belonging to your EC2 instance.
Keep in mind that windows instances in AWS come with the software (windows) firewall enabled by default. Make sure that you have the correct firewall policies in place in the software firewall as well as the security group.
When I say,
1000 domains are hosted on the same server.
Does it means that 1000 domains are hosted on the same IP address?
Yes. You configure the server software to correlate the host name to the right service files. This applies to FTP/WWW, etc.
A server can host either virtually by use of the same IP address with different host headers (example.com, sample.com, sub.sample.com), through the use of multiple IPs bound to the server, or a combination of both.
So to answer your question, no, having 1000 domains hosted on the same IP address doesn't mean that they have the same IP address. However, it is possible given the configuration of the sites.
Normally, yes.
There is nothing stopping you from installing another NIC and having another IP address on the machine, but typically, 1000 domains hosted on the same server will be accessible using the same IP address.
Web servers use the host header to determine which site to load when many sites are configured to use the same IP address.
It's possible, with name based virtual hosting, a feature introduced in HTTP 1.1. It causes some problems with really old (corporate) proxies that pretend to only speak HTTP 1.0 and there are SSL related issues, so in general it's not the optimum solution.