OK, question: I have an IIS webserver and Windows Firewall. To allow incoming connections to IIS, I enabled ports 80 and 8080.

But now, how can I block a specific IP address/range on port 80 (= ban) with Windows Firewall?


1 Answer

You can define a "scope" for your custom firewall rules.

Here are the necessary steps for a Windows Server 2008 (similar on other modern Windows OS) in Administrative Tools > Windows Firewall with Advanced Security for a new rule:

  1. On the left side of the screen click on "Inbound Rules".
  2. On the right side of the screen click on "New Rule".
  3. Click on the "Custom" radio button and then click "Next".
  4. The "All programs" radio button has to be selected, then click "Next".
  5. On the protocol and ports options leave everything at its defaults (or, depending on your rule, click the desired protocol/ports) and click "Next".
  6. On the "Scope" screen you'll see two boxes: the top one is for local IP addresses and the bottom one is for remote IP addresses. In this scenario we are trying to block an outside (remote) IP from accessing anything on the server, so we will need to add the IP address to this section only, as it will not be a local IP address.
  7. Click on the radio that says "These IP addresses" in the remote section.
  8. Click on the Add button.
  9. In the next window we will be adding a single IP address to the rule; you can also add an entire range at this point if you wish.
  10. Click "OK" and then "Next".
  11. Make sure you select the "Block the connection" radio on the next screen and then click "Next".
  12. Leave all of the options on the next screen checked; this will be sure to block the IP no matter the connection they are trying to use. Click "Next".
  13. Change the rule name on the next screen to something you can remember in case you wish to remove or edit it in the future. Click "Finish."

Custom Firewall rule on Windows Server 2008

Important note: be careful when you're administering a remotely controlled server, you could lock yourself out!

  • Is there any way to add an IP ban programmatically? E.g.: asp.net application discovers dos-attacker. asp.net application puts IP on (temp) banlist? – Quandary Feb 27 '10 at 14:26
  • Not sure, but maybe it can be done using the netsh command: http://technet.microsoft.com/en-us/library/dd734783(WS.10).aspx – splattne Feb 27 '10 at 18:35
  • @Quandary I made a tool that scans the event viewer and auto-bans ip with enough audit failures. Download here: https://github.com/jjxtra/Windows-IP-Ban-Service – jjxtra Apr 02 '12 at 04:09
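The programmatic ban asked about in the comments, as an added example that is not part of the original answer or of any tool linked above: it keeps a single inbound block rule whose remote-address scope is the ban list, using the NetSecurity cmdlets available on Windows Server 2012 / Windows 8 and later (on Server 2008 the netsh equivalent shown in the comment applies). The rule name, the sample address and the RDP-session guard are assumptions chosen for illustration; run elevated.

```powershell
# Added example (not the answer's own code). Block rules take precedence over
# allow rules in Windows Firewall, so the existing allow for port 80 can stay.
# Server 2008 equivalent (assumed syntax):
#   netsh advfirewall firewall add rule name="Ban list" dir=in action=block protocol=TCP localport=80 remoteip=203.0.113.7
$RuleName = 'Ban list - inbound TCP 80'   # assumed rule name

function Get-BanList {
    # Remote addresses currently in the rule's scope; empty if the rule does not exist.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) { return @() }
    $scope = $rule | Get-NetFirewallAddressFilter
    if ($scope.RemoteAddress -eq 'Any') { return @() }
    return @($scope.RemoteAddress)
}

function Add-BannedAddress {
    param([Parameter(Mandatory)][string]$Address)   # single IP or CIDR, e.g. 203.0.113.0/24
    $current = Get-BanList
    if ($current -contains $Address) { return $current }
    $new = @($current) + $Address
    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $new
    } else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
            -Protocol TCP -LocalPort 80 -RemoteAddress $new -Profile Any | Out-Null
    }
    return $new
}

function Remove-BannedAddress {
    param([Parameter(Mandatory)][string]$Address)
    $remaining = @(Get-BanList | Where-Object { $_ -ne $Address })
    if ($remaining.Count -eq 0) {
        # An empty scope means "Any" and would block everyone: drop the rule instead.
        Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    } else {
        Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $remaining
    }
    return $remaining
}

# Guard against the lock-out the answer warns about: refuse to ban the exact
# address of an established RDP session (port 3389). CIDR bans are not checked.
function Test-IsAdminSessionAddress {
    param([string]$Address)
    $rdp = Get-NetTCPConnection -LocalPort 3389 -State Established -ErrorAction SilentlyContinue
    return [bool]($rdp | Where-Object { $_.RemoteAddress -eq $Address })
}

$ip = '203.0.113.7'   # constructed sample from the TEST-NET-3 documentation range
if (Test-IsAdminSessionAddress $ip) { throw "Refusing to ban the admin session address $ip" }
Add-BannedAddress $ip
```

An application that detects abuse can call `Add-BannedAddress` (and later `Remove-BannedAddress` for a temporary ban) from a scheduled task or service running with administrative rights, rather than from the IIS worker process itself.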