Applications must have an IP blocking feature in order to deny access to certain computers that could attack your site. But this can also be useful if you want to give access to your ASP application to just one person. In this article I will give you a step-by-step guide on how to allow or deny access to an specific IP using Web.ConfigOverview
As discussed before, the web.config is the main settings and configuration file for Asp.Net applications. It controls the behavior of your application and lets you and since the Web.Config file is stored in XML format, it is easy to work with. If we want to change the behavior of the application(such as denying access) you just need to use the appropriate tag element.
1. Open your project.
2. Open the web.Config file of your application. Look for the <system> tag:
3. Now, let’s add the code. For the purposes of this tutorial, we are going to allow access to our ASP application to the following IP:
IP Address: “172.22.1.124”
4. Open a <security> element tag. Below it we will deny access to anyone by opening the <ipSecurity> element tag and setting “allowUnlisted” to false:
<security> <ipSecurity allowUnlisted="false">
5. Now, insert a <clear/> tag. Below that tag, we will set the IP address that will have access to the application:
<clear/> <add ipAddress="127.0.0.1" allowed="true"/> <add ipAddress="172.22.1.124" subnetMask="255.255.255.0" allowed="true"/> </ipSecurity> </security>
Note: Remember that you need to close the <ipSecurity> and <security> element tags.
6. Save your changes.
7. And that’s it! Only one IP address is allowed to view the application!
This concludes Using Web.Config to Allow/Deny Access to an Specific IP