Microsoft KB Archive/325745

= HOW TO: Restrict Access by Top-Level Domain Name in IIS =

Article ID: 325745

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q325745



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



IN THIS TASK
SUMMARY
 * Implement IIS Domain Name Restrictions for a Top-Level Domain Name

REFERENCES



SUMMARY
This step-by-step article describes how to restrict access to Web pages based on a client's top-level domain name. Examples of top-level domain names include .gov and .mil.

back to the top

Implement IIS Domain Name Restrictions for a Top-Level Domain Name
NOTE: This restriction may be set at the server, Web site, or directory level.  Click Start, click Programs, click Administrative Tools, and then click Internet Service Manager to open the Internet Service Manager (ISM). Right-click the server, Web site, or directory that you want to implement the restrictions on, and then click Properties. If you open the properties for the server, you must also select the service that you want to restrict access to (that is, WWW Service or FTP Service), and then click Edit. In the Properties dialog box, click the Directory Security tab, and then click Edit under IP address and domain name restrictions. In the IP Address and Domain Name Restrictions dialog box, locate By default, all computers will be, and then select Denied Access. Click Add, and then select Domain Name. NOTE: If you see the following warning from IIS WWW Configuration, click OK:

Warning: Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance.

For more information about this warning, visit the following Microsoft Web site:

Reverse lookup

http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_DNS_und_ReverseLookup.htm

 In the Domain Name text box, type '''*. ''', where  is the top-level domain that you want to permit access to the server. For example, if you want to permit site access to only users from .mil, type *.mil, and then click OK. To add more top-level domain names, repeat this step.</li> After you add the top-level domain names, click OK in the IP Address and Domain Name Restrictions dialog box, and then click OK in the Properties dialog box.</li></ol>

back to the top

<div class="references_section">