IIS only serve requests with hostnames

What is the optimal way to configure IIS to block direct IP access to the server? Direct IP access is only used by malicious scanners that will troll the entire internet by IP looking for vulnerable servers.

I stood up a server only yesterday that is not used anywhere on the internet, and I already have "'/MyAdmin/scripts/setup.php' was not found" in my error logs.


Solution 1:

You can use the URL Rewrite feature of IIS to do that:

  1. Open the URL Rewrite feature.
  2. Add a rule of type "Request blocking".
  3. Block the requests based on host name:

If you know your IP address, you can use it to block requests which use it.

Or you can block all requests which are not using the domain name.

Hope this helps (It took me ages to find that).

Please note that I have no idea of the performance overhead of this usage.
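
The second variant above (block everything that does not use the domain name) can also be written directly as a URL Rewrite rule in the site's web.config. This is an added example, not part of the original answer; `example.com` is a placeholder host name and the rule name is arbitrary.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Runs first and stops processing, so later rules never see
             requests addressed by IP or by an unexpected host name. -->
        <rule name="BlockUnexpectedHost" stopProcessing="true">
          <!-- Apply to every URL path. -->
          <match url=".*" />
          <conditions>
            <!-- {HTTP_HOST} is the Host header as sent by the client and may
                 carry a port, hence the optional ":port" suffix.
                 negate="true" makes the condition match when the header is
                 NOT the expected name, which covers bare IP addresses and
                 empty or arbitrary host values.
                 example.com is a placeholder: replace it with the site's
                 real host name(s). -->
            <add input="{HTTP_HOST}"
                 pattern="^(www\.)?example\.com(:\d+)?$"
                 negate="true" />
          </conditions>
          <!-- Drop the connection without sending a response body.
               A CustomResponse action with a 403 or 404 status is the
               alternative if an explicit HTTP error is preferred. -->
          <action type="AbortRequest" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The `<rewrite>` section is only understood when the URL Rewrite module is installed; without it, IIS rejects the web.config with a 500.19 configuration error.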

Solution 2:

This is, frankly, beneath caring about, however...

  1. Set up the default site on the server to point to a blank directory, or static files, or something you don't care about getting hammered by "malicious scanners". [booga booga]
  2. Don't map any blank host headers to your sites in IIS.