1

The server is a Windows 2012 server. In its IIS 8, there is a virtual directory, say 'arcgis'. I want to restrict access to that specific directory only to local computers. The local IPV4 addresses come to something like 130.127.xx.xxx format.

So I launch IIS Manager, select the arcgis directory, then, using the 'Ip addresses and domain restrictions', I am able to enter an Allowed IP of 127.0.0.1 and that works fine. But, using the IP range option, when I enter 130.127.1.0 with a Mask of 255.255.255.0 then remote computers can't access the arcgis folder.

I suspect that's because I need to provide the IPV6 addresses (somehow) because the server computer is only able to find local computers by their strange looking IPV6 addresses when I 'ping'. I don't see any option to enter IPV4 addresses as some IPV4 'feature' and looks like by default only IPV6 are found ?

Any idea?

Thanks!

IrfanClemson
  • 111
  • 5

2 Answers2

0

Never mind, unfortunately, the only computer which the server is not able to see via the IPV4 addresses is my own work-station! For my workstation, the server--which is a VMWARE VM running on the workstation, the server finds that as the IPV6 addresses.

While I do need to make my workstation to be in the list of exceptions, at least I know why the problem is happening.

Hope this helps someone.

Thanks.

update I ended up disabling IPV6 on my workstation. Hopefully, our live servers will not have problem finding other intranet live servers by IPs--otherwise, this IP based restrictions will not work.

IrfanClemson
  • 111
  • 5
0

Unless you have set up your router (or DHCP server) to provide hosts on the LAN with an IPv6 address from a specific range, they will probably be assigned a "link-local" address. This is the equivalent of the 169.254.*.* address range in IPv4 that your get if your DHCP server doesn't respond to the request for an IP address (https://en.wikipedia.org/wiki/Private_network#Link-local_addresses). You can find the assigned link-local IP using IPConfig from a command prompt.

To whitelist all link-local IPv6 addresses within IIS's IP and domain restrictions module, click "Add Allow Entry..." then select the option to enter an IP address range.

In the first box enter fe80::

In the second box for "mask or prefix" enter 10

If your router does provide IPv6 address, you may need to input another entry for prefix fc00 with prefix 7 (https://en.wikipedia.org/wiki/Unique_local_address).

Daz
  • 271
  • 2
  • 6