How to deny and allow access certain path/directory/file based on IP Address without changing codes?

Question

How to do this without changing codes? Like using web.config or on IIS? I found but it looks like it is site-wide.

Answer 1

Why not use roles and give access accordingly for set of pages?

However there is a IP Address and Domain Restrictions modules in IIS that can be used at site/folder/file level.

So say you have a website samplewebsite hosted on IIS which has a folder Content and a file test.aspx.

1. Open IIS manager expand the site and select the folder
2. Click on IP Address and Domain Restrictions => On the right side you can see Add Allow Entry/Add Deny Entry.
3. Clicking on it opens a pop-up where you can add your rule to restrict specific IP by adding a deny rule.

The rules you add here will go to applicationhost.config (C:\Windows\System32\inetsrv\config\applicationHost.config) and not your web.config. A sample deny rule will look like below -

<location path="samplewebsite/Content">
    <system.webServer>
        <security>
            <ipSecurity>
                <add ipAddress="10.0.0.1" allowed="false" />
            </ipSecurity>
        </security>
    </system.webServer>
</location>

If you want to do the same thing for a page

1. Open IIS manager expand the site and select the folder
2. Now on the bottom you can see Content View (More info about Content View here - https://technet.microsoft.com/en-us/library /cc771124%28v=ws.10%29.aspx). Click on the Content View and that will list all the files inside that folder.
3. Right click on the file you want to restrict and click on Switch to Features View . Now you can see all the modules and follow the same steps above to add a rule.

I am not really sure if this is the best approach as IP restrictions are recommended to be at site/server level.