HOW TO: Restrict Access by Top-Level Domain Name in IIS (325745)


The information in this article applies to:

  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Server 5.0
This article was previously published under Q325745
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

IN THIS TASK

SUMMARY

This step-by-step article describes how to restrict access to Web pages based on a client's top-level domain name. Examples of top-level domain names include .gov and .mil.

back to the top

Implement IIS Domain Name Restrictions for a Top-Level Domain Name

NOTE: This restriction may be set at the server, Web site, or directory level.
  1. Click Start, click Programs, click Administrative Tools, and then click Internet Service Manager to open the Internet Service Manager (ISM).
  2. Right-click the server, Web site, or directory that you want to implement the restrictions on, and then click Properties. If you open the properties for the server, you must also select the service that you want to restrict access to (that is, WWW Service or FTP Service), and then click Edit.
  3. In the Properties dialog box, click the Directory Security tab, and then click Edit under IP address and domain name restrictions.
  4. In the IP Address and Domain Name Restrictions dialog box, locate By default, all computers will be, and then select Denied Access.
  5. Click Add, and then select Domain Name. NOTE: If you see the following warning from IIS WWW Configuration, click OK:
    Warning: Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance.
    For more information about this warning, visit the following Microsoft Web site:

    Reverse lookup
    http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_DNS_und_ReverseLookup.htm

  6. In the Domain Name text box, type *.top-level domain, where top-level domain is the top-level domain that you want to permit access to the server. For example, if you want to permit site access to only users from .mil, type *.mil, and then click OK. To add more top-level domain names, repeat this step.
  7. After you add the top-level domain names, click OK in the IP Address and Domain Name Restrictions dialog box, and then click OK in the Properties dialog box.
back to the top

REFERENCES

For more information, visit the following Microsoft Web site:

Granting and Denying Access to Computers
http://www.microsoft.com/windows2000/en/server/iis/htm/core/iigdasc.htm

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

227943 How Internet Information Services (IIS) Handles Reverse Lookup Failures

back to the top
Modification Type:MinorLast Reviewed:6/23/2005
Keywords:kbhowto kbHOWTOmaster KB325745
©2004 Microsoft Corporation. All rights reserved.