IIS 7 IP 地址和域限制 - 拒绝所有
今天晚上,我注意到我们在同一 IP 地址上托管的几个网站上存在来自同一 IP 地址的暴力攻击尝试。这次尝试是为了利用一系列与 php 相关的漏洞。
当我收到所有这些通知时,我只需在 IIS 管理器/IP 地址和域限制中添加传入 IP 地址 - 设置为拒绝,然后保留它。
没有更多通知,所以我认为一切都很好。
后来,当我尝试访问我们的任何网站时,我尝试访问这些网站的任何 IP 地址均收到 403 访问被拒绝错误。我确实有一个网站,我为其他 IP 地址设置了明确的允许规则,我可以访问该网站,但所有其他网站都没有这一特殊规则。
为了让所有站点重新工作,我添加了一条允许规则,其中添加的 IP 地址范围是 Web 服务器的 IP 地址,并且掩码或前缀 =“(1)”。
以下是 IP 地址和域限制中的设置:
Mode: Allow
Requestor: ([my server's IP address])(1)
Entry Type: Local
所以我想知道为什么现在允许访问我的其余网站。我是否错误地删除了之前应该存在的值?
This evening I noticed a brute force attack attempt from the same IP address on several of our websites hosted on the same IP address. The attempt was to exploit a bunch of php-related vulnerabilities.
As I get notifications on all of these, I simply added the incoming IP address in IIS Manager/IP Address and Domain Restrictions - set to deny, then left it.
No more notifications, so I figured everything was good.
Later when I attempted to access any of our websites, I got a 403 access denied error from any IP address I tried to access these sites from. I do have one site that I have explicit allow rules set for other IP addresses, which I was able to access, however all the other sites do not have this special rule.
To get all the sites working again, I added an Allow rule where I added an IP address range is the web server's IP address, and Mask or Prefix = "(1)".
Here are the settings in IP Address and Domain Restrictions:
Mode: Allow
Requestor: ([my server's IP address])(1)
Entry Type: Local
So what I'd like to know is why this is now allowing access to the rest of my sites. Did I mistakenly delete a value that should have been there before?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
从我读到的这里,默认情况下,域名限制是关闭的。
From what I read here, By default, domain name restrictions are disabled.