IIS8 IP restrictions

I've got an IIS8/Windows 2012r2 server that is currently running a few sites (perfectly well with no issues).

I'm adding a new site that needs to have restrictions to all but a few IP addresses.

I've got the procedure sorted, have added the relevant IIS restriction role, added the first of the IP addresses to allow access, but as soon as I try to edit the feature settings to Deny unspecified clients, I get the following:

There was an error while performing this operation.

Details:


Filename:\\?\D:\path-to-website
Error: The configuration section
'system.webServer/security/dynamicIpSecurity' cannot be read because 
it is missing a section declaration

I've done searches both on here and a general Google search for the error, but nothing really comes up (talks more about .NET apps, and has a slightly different message).

This is a completely new site, only just created, completely devoid of any files in the web root.

I have also tried on the other sites that are running on the server, and they come up with the same error.

Unfortunately I can't really test it on another machine just yet as the other IIS based servers I've got are IIS7/Win2k8r2.

Here's what worked for me. Open the file:

C:\Windows\System32\inetsrv\config\applicationHost.config

locate the "webServer" section and the "security" one under it

<sectionGroup name="system.webServer"> 
     ...
     <sectionGroup name="security">

and add the following element under it:

<section name="dynamicIpSecurity" overrideModeDefault="Deny" />

After that I was able to set up dynamic IP security using IIS Manager.