Microsoft IIS 10.0 – Testing security on IIS 10.0

How to install Docker CE on CentOS 8

In this recipe, we will log in to Windows Server 2016 WIN2016IIS and check the IP address access and deny rules we’ve set. We will access the website ( from the server and access the website ( from the server.

Getting ready

We require an up-and-running IIS 10.0 instance. Security components should be installed. You should have administrative privileges.

How to do it…

  1. Log in to Windows Server 2016 with an account with administrative privileges.
  2. Open Server Manager from the Start menu or use the search window to find it.



  1. Click on the Tools menu from Server Manager; you will find IIS Manager. Open it and click on the WIN2016IIS IIS server. Expand the Sites folder and click on Go to the Features View of, select IP Address and Domain Restrictions, and open the IP Address and Domain Restrictions settings, as shown here:
  1. You can see in the figure that we have already created an Allow rule for IP address and Deny rule for IP address Let’s test the IP



  1. We need to check the WIN2016IIS server IP address. Open Command Prompt and type ipconfig, as shown here:
  1. You can see in the result that we have, the IP address of server WIN2016IIS. Now, let’s open the URL in Internet Explorer, as shown here:
  1. You see now how we can easily access the URL ( on server We added an Allow rule for the server IP so that we can access it. Now we have to test the URL on the server IP
  2. Log in to server, open Command Prompt, and type the command ipconfig to check the server IP address, as shown here:
  1. Now let’s open the URL ( on server You will get a Deny message, as shown in the following screenshot:

How it works…

In this recipe, we logged in to Windows Server 2016 WIN2016IIS and checked the IP address restriction rules and access and deny rules on the server. We accessed the website ( from server and website ( from server


Comments are closed.