I'm trying to block a range of IP that is sending tons of spam to my blog. I can't use the solution described here because it's a shared hosting and I can't change anything to the server configuration. I only have access to a few options in Remote IIS.

I see that the URL Rewrite module has an option to block requests, so I tried to use it. My rule is as follows in web.config:

            <rule name="BlockSpam" enabled="true" stopProcessing="true">
                <match url=".*" />
                <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                    <add input="{REMOTE_ADDR}" pattern="10\.0\.146\.23[0-9]" ignoreCase="false" />
                </conditions>
                <action type="CustomResponse" statusCode="403" />
            </rule>

Unfortunately, if I put it at the end of the rewrite rules, it doesn't seem to block anything... and if I put it at the start of the list, it blocks everything! It looks like the condition isn't taken into account.

In the UI, the stopProcessing option is not visible and is true by default. Changing it to false in web.config doesn't seem to have any effect.

I'm not sure what to do now... any ideas?