Microsoft KB Archive/942068

= Error message when you visit a Web site that is hosted on IIS 7.0: &quot;HTTP Error 403.6 - IP Address Rejected&quot; =

Article ID: 942068

Article Last Modified on 9/27/2007

-

APPLIES TO


 * Microsoft Internet Information Services 7.0

-



SYMPTOMS
When you visit a Web site that is hosted on Internet Information Services (IIS) 7.0, you receive an error message that resembles the following:

Server Error in Application &quot; &quot;

HTTP Error 403.6 - IP Address Rejected

HRESULT: 0x80070005

Description of HRESULT


 * 1) General access denied error



CAUSE
This problem occurs for one of the following reasons.

Cause 1
The value of the allowUnlisted property of the ipSecurity XML element is false. Additionally, the IP address of the client computer does not appear in the list of IP addresses under the ipSecurity XML element. IIS denies all requests from IP addresses that do not appear in the list of IP addresses under the ipSecurity XML element.

To resolve this problem, see Resolution 1.

Cause 2
Under the ipSecurity XML element, the value of the allowed property for the IP address of the client computer is false. Therefore, IIS denies all requests from the client computer.

To resolve this problem, see Resolution 2.



Resolution 1
Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.

To resolve this problem, follow these steps:  In a text editor, open the ApplicationHost.config file.

Note The ApplicationHost.config file is located in the following folder:

%SystemRoot%\system32\inetsrv\config

 Locate the ipSecurity XML element, and then set the value of the allowUnlisted property to true.

After you follow these steps, IIS accepts requests from any IP address that does not appear in the list of IP addresses under the ipSecurity XML element.

Note The security level of the server that is running IIS may be decreased when you enable IIS to accept requests from any IP address.

Resolution 2
To resolve this problem, follow these steps:  In a text editor, open the ApplicationHost.config file.

Note The ApplicationHost.config file is located in the following folder:

%SystemRoot%\system32\inetsrv\config

 Locate the ipSecurity XML element. Under the ipSecurity XML element, view the list of IP addresses. Locate the IP address of the client computer, and then set the value of the allowed property to true.</ol>

Keywords: kbexpertiseadvanced kbexpertiseinter kbtshoot kbprb KB942068

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.