
Hello, I have been searching for a solution to this. What I want to accomplish is the ability to define firewall rules that will limit the number of connections to certain ports from the same source IP address. I looked into WIPFW, but it is no longer supported and the newest build for x86 will not work on my x64 Windows server (after trying numerous times and installing the new sources on Dummy Net IPFW).

An external firewall solution is not an option, unfortunately, nor is running a virtual machine with a Linux OS that would handle iptables rules on the server.

Are there any solutions that you know of that would be able to do what I'm asking for while being compatible with my current configuration and limitations?

I've seen a few questions that ask the same thing, and they have received lackluster responses or no responses at all. Surely there must be a solution for such a simple firewall feature?

Upperfoot
  • "An external firewall / linux is not an option..." Well, they are options; you've just chosen to exclude them without explaining why you can't use them. "Surely there must be a solution..." Yes, use an external firewall / Linux. You know the answer. – BlueCompute Jul 17 '14 at 14:08
  • @BlueCompute The point of me explaining that they aren't options is that it is important criteria for answering the question. I'm not obliged to explain why they aren't, nor do I see the point in doing so; I gave the bounds within which to answer the question, and questioning those bounds is not helpful, nor is it answering the main question directly. Thanks for the input though. – Upperfoot Jul 17 '14 at 20:40
  • Yeah, cool. I'm just pointing out that the correct answer may well be "This isn't a supported feature; use an external firewall." – BlueCompute Jul 17 '14 at 21:46

1 Answer


For IIS, at least, one option is Dynamic IP Restrictions, which is a supported add-on for IIS 7 from Microsoft. Its features include:

Dynamic blocking of requests from an IP address based on either of the following criteria:

  • The number of concurrent requests.
  • The number of requests over a period of time.

It can be installed with the Web Platform Installer and integrates fully with IIS 7.0 Manager.


For other services/ports it is usually better to use a solution or technique specific to that service. A common one is banning an IP address for a while after several failed login attempts within a short period (like denyhosts or fail2ban on Linux/Unix systems) for services like SSH and RDP. An example for Windows is ts_block, which does this for Terminal Server connections.

Brian
  • Thanks Brian, I did have a look at this, and all the implementations seem to be protocol-specific; unfortunately I won't be using either IIS or Terminal Server connections. – Upperfoot Jul 17 '14 at 20:40
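The fail2ban/ts_block approach from the answer, as an added example that is not part of the original answer and is not ts_block's or fail2ban's own code. Windows Firewall has no built-in per-source-IP rate or connection limit, so the ban has to be driven from the evidence the service leaves behind; for any service that authenticates through Windows, that evidence is Security event 4625 (logon failure). The script below counts 4625 events per source IP inside a sliding window and adds an inbound block rule for each address over the threshold. It assumes PowerShell 3 or later and the NetSecurity module (Windows Server 2012 or newer) for `New-NetFirewallRule`, an elevated shell, and that audit logging of logon failures is enabled. The function names, the "AutoBan" rule prefix and the sample data are made up for this example.

```powershell
# Added example: a fail2ban-style ban driven by Windows Security event 4625.
# Assumes PowerShell 3+, the NetSecurity module (Server 2012+), an elevated
# shell, and logon-failure auditing enabled. Function/rule names are invented.

function Get-FailedLogonAttempts {
    # One {IpAddress, Time} record per 4625 event newer than -Since.
    param([datetime]$Since)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $xml = [xml]$e.ToXml()
        $ip = ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
        # Local or non-network logon failures carry '-' instead of an address; skip them.
        if ($ip -and $ip -ne '-') {
            [pscustomobject]@{ IpAddress = $ip; Time = $e.TimeCreated }
        }
    }
}

function Find-AbusiveSources {
    # Pure counting step, kept separate so it can be run on sample data:
    # returns every IP with at least $Threshold attempts inside $WindowMinutes
    # of that IP's most recent attempt.
    param(
        [object[]]$Attempts = @(),
        [int]$Threshold = 5,
        [int]$WindowMinutes = 10
    )
    $window = [timespan]::FromMinutes($WindowMinutes)
    $Attempts | Group-Object IpAddress | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        $latest = $sorted[-1].Time
        $recent = @($sorted | Where-Object { ($latest - $_.Time) -le $window })
        if ($recent.Count -ge $Threshold) { $_.Name }
    }
}

function Block-SourceIp {
    # Adds an inbound block rule for the address; -Port narrows it to one TCP port.
    # Idempotent: an existing rule with the same name is left alone.
    param([Parameter(Mandatory)] [string]$IpAddress, [int]$Port)
    $name = "AutoBan $IpAddress"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { return }
    $rule = @{ DisplayName = $name; Direction = 'Inbound'; Action = 'Block'
               RemoteAddress = $IpAddress; Profile = 'Any' }
    if ($Port) { $rule.Protocol = 'TCP'; $rule.LocalPort = $Port }
    New-NetFirewallRule @rule | Out-Null
}

# --- Constructed sample (not real log data) to exercise the counting step ---
$now = Get-Date
$sample = @(
    1..6 | ForEach-Object { [pscustomobject]@{ IpAddress = '203.0.113.7'; Time = $now.AddSeconds(-30 * $_) } }
    [pscustomobject]@{ IpAddress = '198.51.100.2'; Time = $now.AddMinutes(-1) }
    [pscustomobject]@{ IpAddress = '198.51.100.2'; Time = $now.AddMinutes(-50) }
)
Find-AbusiveSources -Attempts $sample -Threshold 5 -WindowMinutes 10

# --- Live run: scan the last 10 minutes and ban anything over the threshold ---
$attempts = @(Get-FailedLogonAttempts -Since $now.AddMinutes(-10))
foreach ($ip in Find-AbusiveSources -Attempts $attempts -Threshold 5 -WindowMinutes 10) {
    Block-SourceIp -IpAddress $ip
    Write-Host "Blocked $ip"
}
```

The sample is built so that 203.0.113.7 has six failures within three minutes while 198.51.100.2 has only two failures 49 minutes apart, which is the distinction the window logic is meant to draw. To use this the way ts_block is used, run the live section from a scheduled task every few minutes. Two things the script deliberately leaves out and that a deployment needs: an expiry (remove "AutoBan" rules older than some age, otherwise a mistyped password from a legitimate remote site is a permanent lockout), and an allowlist for your own management addresses. It only covers services whose failed logons reach the Security log; a custom daemon on an arbitrary port that does its own authentication needs its own log parsed in the same way, which is the answer's point that the technique is service-specific.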