PowerShell: How To Set IP and Domain Restrictions to Specific IIS Sites

# Enable IP Filtering Feature in IIS using PowerShell
Install-WindowsFeature Web-IP-Security 
Restart-Service W3SVC

# Optional: Run IIS Manager GUI
# $env:windir\system32\inetsrv\InetMgr.exe

# Select the default website
$defaultWebsite=get-website|?{$_.id -eq 1}
$physicalPath=$defaultWebsite.PhysicalPath
$subSite=''
$entryPoint=$physicalPath+$subSite

# Show files
$siteFiles=gci $physicalPath
$siteFiles|write-host
$index=$siteFiles|?{$_.Name -match '^(default|index)\.\w+$'}
write-host "Index file is: $($index.FullName)"

# Deny All
Set-WebConfigurationProperty -Filter '/system.webServer/security/ipSecurity' -Location "$entryPoint" -Name allowUnlisted -Value False

# Deny from a specific IP or network
$ipAddress='192.168.20.0'
$subnetMask=24
$allowed='false'
Add-WebConfiguration -Filter '/system.webServer/security/ipSecurity' -Location "$entryPoint" -Value @{ipAddress="$ipAddress";subnetMask="$subnetMask";allowed="$allowed"}

# Allow traffic from a specific IP or network
$ipAddress='192.168.20.0'
$subnetMask=24
$allowed='true'
Add-WebConfiguration -Filter '/system.webServer/security/ipSecurity' -Location "$entryPoint" -Value @{ipAddress="$ipAddress";subnetMask="$subnetMask";allowed="$allowed"}

# Restart
Restart-WebItem -PSPath "IIS:\Sites\$entryPoint"

Leave a Reply

Your email address will not be published. Required fields are marked *