Preventing External User Access to a Private Web Site
Developer wants to block external users from internal Web sites.
I'm a developer running Internet Information Services (IIS) on my computer and want to make sure that my Web site isn't accessible from the Internet. How can I block access for external users?
A. You didn't mention any firewalls but if you're running a firewall, you can block TCP port 80 to prevent Internet users from accessing your Web site. Normally, Internet users will only be able to access your Web site if it's published to the world, which means your Web server must have proper DNS records on one of the DNS servers on the Internet.
If you're concerned about security (and everyone should be), you can configure IIS to allow only specific computers, groups of computers or domains access to your Web site. Here's the procedure:
- Open the IIS console and go to the Properties of your Web site.
- Click on the Directory Security tab.
- Click Edit in the IP address and domain name restrictions section.
- Notice that this is an exception list, so by default all computers are granted access. You can select the "Denied access" option and then add only the computers that you want to allow access. For example, you can add the IP address of a single computer, a group of computers or the entire domain name that should have access.
- Click OK until all the windows are closed.
Keep in mind that the restrictions that you configure will affect the entire Web site, not just individual parts of the Web site. In your case, this is exactly what you want, so you should be fine.
Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at firstname.lastname@example.org.