The Wayback Machine - https://web.archive.org/web/20090226060628/http://www.iis.net:80/extensions/DynamicIPRestrictions

Dynamic IP Restrictions

Application Request Routing

The Dynamic IP Restrictions Extension for IIS provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through Brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients who follow a pattern that could be conducive to one of such attacks. This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level.

Reduce the chances of a Denial of Service attack by dynamically blocking requests from malicious IP addresses

Dynamic IP Restrictions for IIS allows you to reduce the probabilities of your Web Server being subject to a Denial of Service attack by inspecting the source IP of the requests and identifying patterns that could signal an attack. When an attack pattern is detected, the module will place the offending IP in a temporary deny list and will avoid responding to the requests for a predetermined amount of time.

Minimize the possibilities of Brute-force-cracking of the passwords of your Web Server

Dynamic IP Restrictions for IIS is able to detect requests patterns that indicate the passwords of the Web Server are attempted to be decoded. The module will place the offending IP on a list of servers that are denied access for a predetermined amount of time. In situations where the authentication is done against an Active Directory Services (ADS) the module is able to maintain the availability of the Web Server by avoiding having to issue authentication challenges to ADS.

Maintain static lists containing IPs or domains that are begin denied to access the Web Server

Dynamic IP Restrictions for IIS maintains support for the functionality already provided by IPv4 Address and Domain Restrictions in IIS 7.0, thus allowing IT Administrators to build and use a static list of IP addresses and Domain Names that are denied or granted access.

Features

  • Seamless integration into IIS 7.0 Manager.
  • Dynamically blocking of requests from IP address based on either of the following criteria:
    • The number of concurrent requests.
    • The number of requests over a period of time.
  • Support for static list of IPs that are permanently denied or allowed access to the Web Site.
  • Support for static list of Domain Names that are permanently denied or allowed access to the Web Site.
  • Blocking of requests can be configurable at the Web Site or Web Server level.
  • Configurable deny actions allows IT Administrators to specify what response would be returned to the client. The module support return status codes 403, 404 or closing the connection.
  • Logging of dynamically denied requests in W3C format.
  • Real-time display of currently blocked IP Addresses by using IIS Manager.
  • Support for IPv6 addresses.

Learn More

Page view counter