Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.6 - IP Address Rejected"

Symptoms

When you visit a Web site that is hosted on Internet Information Services (IIS) 7.0, you receive an error message that resembles the following:
Server Error in Application "Application Name"
HTTP Error 403.6 - IP Address Rejected
HRESULT: 0x80070005
Description of HRESULT: General access denied error

Cause

This problem occurs for one of the following reasons.

Cause 1

The value of the allowUnlisted property of the ipSecurity XML element is false. Additionally, the IP address of the client computer does not appear in the list of IP addresses under the ipSecurity XML element. IIS denies all requests from IP addresses that do not appear in the list of IP addresses under the ipSecurity XML element.

To resolve this problem, see Resolution 1.

Cause 2

Under the ipSecurity XML element, the value of the allowed property for the IP address of the client computer is false. Therefore, IIS denies all requests from the client computer.

To resolve this problem, see Resolution 2.
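
To tell the two causes apart, you can evaluate the ipSecurity element against the client address. The following Python sketch is an added example and is not part of the original article. The sample element, its addresses, the first-matching-entry rule and the attribute defaults used here are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample element; the addresses are documentation ranges,
# not values taken from the article.
SAMPLE = """
<ipSecurity allowUnlisted="false">
  <add ipAddress="192.0.2.10" allowed="true" />
  <add ipAddress="198.51.100.0" subnetMask="255.255.255.0" allowed="false" />
</ipSecurity>
"""

def _is_true(value):
    return value.strip().lower() == "true"

def explain(ip_security_xml, client_ip):
    """Return (allowed, reason) for client_ip against one ipSecurity element."""
    root = ET.fromstring(ip_security_xml)
    client = ipaddress.ip_address(client_ip)
    for entry in root.findall("add"):
        addr = entry.get("ipAddress")
        if addr is None:
            continue  # domain-name entries are out of scope for this sketch
        # Assumption: a missing subnetMask means a single-host entry.
        mask = entry.get("subnetMask", "255.255.255.255")
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if client in net:
            # Assumption: the first matching entry decides; allowed defaults to false.
            if _is_true(entry.get("allowed", "false")):
                return True, f"listed entry {net} has allowed=true"
            return False, f"Cause 2: listed entry {net} has allowed=false"
    # No entry matched, so allowUnlisted decides (assumed default: true).
    if _is_true(root.get("allowUnlisted", "true")):
        return True, "not listed, allowUnlisted=true"
    return False, "Cause 1: not listed and allowUnlisted=false"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip, explain(SAMPLE, ip))
```

Running the check against a copy of the element before and after an edit shows whether the change admits only the intended client or every unlisted address.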

Resolution

Resolution 1

Important These steps may increase your security risk. These steps may also make the computer or the network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you decide to implement this process, take any appropriate additional steps to help protect the system. We recommend that you use this process only if you really require this process.
To resolve this problem, follow these steps:
  1. In a text editor, open the ApplicationHost.config file.
    Note The ApplicationHost.config file is located in the following folder:
    %SystemRoot%\system32\inetsrv\config
  2. Locate the ipSecurity XML element, and then set the value of the allowUnlisted property to true.
After you follow these steps, IIS accepts requests from any IP address that does not appear in the list of IP addresses under the ipSecurity XML element.

Note The security level of the server that is running IIS may be decreased when you enable IIS to accept requests from any IP address.

Resolution 2

To resolve this problem, follow these steps:
  1. In a text editor, open the ApplicationHost.config file.
    Note The ApplicationHost.config file is located in the following folder:
    %SystemRoot%\system32\inetsrv\config
  2. Locate the ipSecurity XML element.
  3. Under the ipSecurity XML element, view the list of IP addresses. Locate the IP address of the client computer, and then set the value of the allowed property to true.

Properties

Article ID: 942068 - Last Review: Sep 27, 2007 - Revision: 1
