I am trying to block a specific URL page (http://www.testdomain.com/login) for all IP addresses EXCEPT an internal admin IP address. I have no issue blocking the pattern login, but I want to test locally to make sure that the internal admin IP is excluded from the blocking rule for the /login URL. See what I have so far...
<rewrite>
  <rules>
    <rule name="RequestBlockingRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*login*" negate="false" />
      <conditions logicalGrouping="MatchAny" trackAllCaptures="true">
        <add input="{HTTP_X_Forwarded_For}" pattern="92.102.130.65" />
      </conditions>
      <action type="None" />
    </rule>
    <rule name="RequestBlockingRule2" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*" />
      <conditions>
        <add input="{URL}" pattern="*login*" />
      </conditions>
      <action type="CustomResponse" statusCode="404" statusReason="File or directory not found." statusDescription="The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." />
    </rule>
What I also want is to duplicate the same rule, but for a query string of http://www.testdomain.com/home.aspx?ctl=login
    <rule name="RequestBlockingRule3" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*ctl=login*" negate="false" />
      <conditions logicalGrouping="MatchAny" trackAllCaptures="true">
        <add input="{HTTP_X_Forwarded_For}" pattern="93.107.170.85" />
      </conditions>
      <action type="None" />
    </rule>
    <rule name="RequestBlockingRule4" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*" />
      <conditions>
        <add input="{QUERY_STRING}" pattern="*ctl=login*" />
      </conditions>
      <action type="CustomResponse" statusCode="404" statusReason="File or directory not found." statusDescription="The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." />
    </rule>
  </rules>
</rewrite>
What I've done is tried to exclude the internal IP for a specific pattern and then followed with the actual blocking rule. Does anyone know either a) a better alternative, or b) see what I may or may not be doing wrong? (Ideally I'd like to test these rules out locally before I use them on the actual server with a real IP address.) Thanks
I want to suggest a slightly different way:
<action type="None" />
Config code is:
This rule blocks all requests to these URLs for all users who have non-whitelisted IPs: ctl=login in the query string.
In my config above, I am using {REMOTE_ADDR}. But you might need to use {HTTP_X_Forwarded_For}. It depends on your network infrastructure (if you have proxies or load balancers). You can test these rules locally by adding/removing your local IP from the rewrite map.
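The answer's own config did not survive on this page, so the following is an added example of the rewrite-map approach it describes, written for this page and not taken from the answerer. It assumes the admin address from the question (92.102.130.65), adds the loopback addresses only so the rule can be exercised locally, and uses the same 404 custom response as the question's rules. One rule covers both the /login path and the ctl=login query string, because the url attribute of match (and the {URL} variable) is evaluated against the path without the query string, which is why a match on *ctl=login* never fires; {REQUEST_URI} carries path and query together.

```xml
<!-- Added example (web.config fragment under <system.webServer>), not the answerer's config. -->
<rewrite>
  <rewriteMaps>
    <!-- Whitelist: key = client IP, value = any non-empty string.
         A lookup for a key that is not present returns "" (the map's default). -->
    <rewriteMap name="AdminIPs">
      <add key="92.102.130.65" value="1" />  <!-- admin IP from the question -->
      <add key="127.0.0.1"     value="1" />  <!-- assumed: local testing only, remove before deploy -->
      <add key="::1"           value="1" />  <!-- assumed: local testing over IPv6 loopback -->
    </rewriteMap>
  </rewriteMaps>
  <rules>
    <rule name="BlockLoginExceptAdmins" stopProcessing="true">
      <!-- Regular-expression syntax (the default); examine every request. -->
      <match url=".*" />
      <conditions logicalGrouping="MatchAll">
        <!-- Client IP is NOT in the map: the lookup yields the empty string. -->
        <add input="{AdminIPs:{REMOTE_ADDR}}" pattern="^$" />
        <!-- Either the /login path, or ctl=login anywhere in the query string. -->
        <add input="{REQUEST_URI}" pattern="^/login(/|\?|$)|[?&amp;]ctl=login(&amp;|$)" />
      </conditions>
      <action type="CustomResponse" statusCode="404" statusReason="File or directory not found." statusDescription="The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable." />
    </rule>
  </rules>
</rewrite>
```

To test locally, request /login and /home.aspx?ctl=login with 127.0.0.1 in the map (expect the page) and again after removing it (expect 404). If a proxy or load balancer sits in front of IIS, {REMOTE_ADDR} is the proxy's address and the lookup has to use {HTTP_X_FORWARDED_FOR} instead; that header is supplied by the client, so it is only safe to trust when the proxy overwrites it, and because it can contain a comma-separated chain of addresses an exact-key map lookup will not match it until the first address has been captured with a separate condition.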