Article ID: 325745 - Last Review: July 7, 2008 - Revision: 4.2

HOW TO: Restrict Access by Top-Level Domain Name in IIS

View products that this article applies to.
This article was previously published under Q325745
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)

On This Page

Expand all | Collapse all

SUMMARY

This step-by-step article describes how to restrict access to Web pages based on a client's top-level domain name. Examples of top-level domain names include .gov and .mil.

Back to the top

Implement IIS Domain Name Restrictions for a Top-Level Domain Name

NOTE: This restriction may be set at the server, Web site, or directory level.
  1. Click Start, click Programs, click Administrative Tools, and then click Internet Service Manager to open the Internet Service Manager (ISM).
  2. Right-click the server, Web site, or directory that you want to implement the restrictions on, and then click Properties. If you open the properties for the server, you must also select the service that you want to restrict access to (that is, WWW Service or FTP Service), and then click Edit.
  3. In the Properties dialog box, click the Directory Security tab, and then click Edit under IP address and domain name restrictions.
  4. In the IP Address and Domain Name Restrictions dialog box, locate By default, all computers will be, and then select Denied Access.
  5. Click Add, and then select Domain Name. NOTE: If you see the following warning from IIS WWW Configuration, click OK:
    Warning: Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance.
    For more information about this warning, visit the following Microsoft Web site:
    Reverse lookup
    http://technet.microsoft.com/en-us/library/cc784493.aspx (http://technet.microsoft.com/en-us/library/cc784493.aspx)
  6. In the Domain Name text box, type *.top-level domain, where top-level domain is the top-level domain that you want to permit access to the server. For example, if you want to permit site access to only users from .mil, type *.mil, and then click OK. To add more top-level domain names, repeat this step.
  7. After you add the top-level domain names, click OK in the IP Address and Domain Name Restrictions dialog box, and then click OK in the Properties dialog box.
Back to the top

REFERENCES

For more information, visit the following Microsoft Web site:
Granting and Denying Access to Computers
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/library/IIS/400d7190-1140-4b5a-8e15-5c435760eab4.mspx (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/library/IIS/400d7190-1140-4b5a-8e15-5c435760eab4.mspx)
Back to the top
APPLIES TO
  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services 5.0
Back to the top
Keywords: 
kbhowtomaster KB325745
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers