Blocking requests from specific IPs using IIS Rewrite module

Posted by Thomas Levesque on Server Fault See other posts from Server Fault or by Thomas Levesque
Published on 2012-11-11T23:50:12Z Indexed on 2012/11/12 5:02 UTC
Read the original article Hit count: 571

Filed under:
|

I'm trying to block a range of IP that is sending tons of spam to my blog. I can't use the solution described here because it's a shared hosting and I can't change anything to the server configuration. I only have access to a few options in Remote IIS.

I see that the URL Rewrite module has an option to block requests, so I tried to use it. My rule is as follows in web.config:

            <rule name="BlockSpam" enabled="true" stopProcessing="true">
                <match url=".*" />
                <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                    <add input="{REMOTE_ADDR}" pattern="10\.0\.146\.23[0-9]" ignoreCase="false" />
                </conditions>
                <action type="CustomResponse" statusCode="403" />
            </rule>

Unfortunately, if I put it at the end of the rewrite rules, it doesn't seem to block anything... and if I put it at the start of the list, it blocks everything! It looks like the condition isn't taken into account.

In the UI, the stopProcessing option is not visible and is true by default. Changing it to false in web.config doesn't seem to have any effect.

I'm not sure what to do now... any ideas?

© Server Fault or respective owner

Related posts about iis

Related posts about blocking