![Restrict session ip false](https://kumkoniak.com/77.jpg)
- High privileges. The nfig file can only be opened (and modified) by administrators: no developer and/or deployment operator would be able to access or edit it, which can be a nasty limitation considering that they are the ones that will most likely need to add/remove the IP addresses from those blacklists/whitelists.
- The nfig file is a critical system file: if we make a syntax error while editing it and save it in a wrong state, all our websites will crash. However, manually handling the nfig file is not always a convenient thing to do, since it has several downsides: The full syntax for the tag, as well as its list of attributes and usage info, can be found in this Microsoft Learn article. Using the feature from the IIS Manager GUI is quite simple, but it's not always convenient - especially if we need to handle several IP addresses or address masks - because the interface is quite scarce in terms of features: for example, we are unable to "edit" the entries once we have created them, there is no way to create several entries using some kind of bulk insertion (they must be added one at a time) or to clone entries across different web sites, there is no export feature, and so on. Such a feature is made accessible through the IIS Manager GUI, as shown in the screenshot below: to authorize access to any external IP address with the exception of a list of blocked IPs.
to prevent access to any external IP address with the exception of a list of authorized IPs. This possibility is managed through the I P Address and Domain Restrictions built-in feature, which supports two alternative usage modes: IP Address and Domain Name RestrictionsĪs we already know from this post, IIS allows restricting access to a website to a specific list of IP addresses. In this article, we're going to expand on such a topic further: more precisely, we'll learn where these settings are stored on the filesystem, and some alternative approaches we might consider to achieve the same results in a more practical way.
Some months ago we published a post explaining how to restrict access to a website to some IP addresses using the IP Address and Domain Name Restrictions IIS feature.