Login :: Register
General Topics
HostedbyMaximumASP170x35
2005 IIS MVPs
Other IIS Sites
  How can I set 2000 IP address and domain name restrictions? 

How can I set 2000 IP address and domain name restrictions?

The following script will do this task for you. You ned to setup an IP Restrictions file, the file can contain IP Addresses, IP Addresses and SubNet masks, and Domain names.

Example Exception File:

# This file contains exceptions for IIS you can specify a domain or an ip address
192.168.0.1
155.63.0.0, 255.255.0.0
www.xyz.com

Call it like this:
c:>cscript SetIPRestrictionsFromFile.vbs -n Site -f "c:\iisrestrictions.txt

Option Explicit
Const ShowLists = false
Dim ArgComputer, ArgSiteNumber, ArgFilename
Sub DisplayUsage
 WScript.Echo "usage: cscript SetIPRestrictionsFromFile.vbs"
 WScript.Echo "                [--filename|-f IPRestrictionFilename]"
 WScript.Echo "                [--SiteNumber|-n SITENUMBER or ""Site""]"
 WScript.Echo "                [--help|-?]"
 WScript.Echo ""
 WScript.Echo "Example 1: SetIPRestrictionsFromFile -n 1 -f ""c:\iprestrictions.txt"""
 WScript.Echo ""
 WScript.Echo "Format of the IP Restrictions file"
 WScript.Echo "#=Comment"
 WScript.Echo "192.168.0.1"
 WScript.Echo "155.63.0.0, 255.255.0.0"
 WScript.Echo "www.xyz.com"
 WScript.Echo ""
 WScript.Echo "For more scripts goto www.iisfaq.com"
 WScript.Quit(1)
End Sub
Sub checkCmdLine()
Dim OArgs, ArgNum
Set oArgs = WScript.Arguments
ArgNum = 0
if (oArgs.Count = 0) then
 Call displayUsage
end if
While ArgNum < oArgs.Count
 Select Case LCase(oArgs(ArgNum))
  Case "--sitenumber","-n":
   ArgNum = ArgNum + 1
   if (ArgNum = oArgs.count) then
    Call DisplayUsage()
   end if
   if (lcase(oArgs(ArgNum)) = "site") then
      ArgSiteNumber = "SITE"
   else
      ArgSiteNumber = CLng(oArgs(ArgNum))
   end if
  Case "--file","-f":
   ArgNum = ArgNum + 1
   if (ArgNum = oArgs.count) then
    Call DisplayUsage()
   end if
   ArgFilename = oArgs(ArgNum)
  Case "--help","-?":
   Call DisplayUsage
  Case Else:
   WScript.Echo "Unknown argument "& oArgs(ArgNum)
   Call DisplayUsage
 End Select 
 ArgNum = ArgNum + 1
Wend
if (ArgFilename = "") then
 WScript.Echo "Exception filename is required."
 WScript.Echo ""
 Call DisplayUsage
end if
if (ArgSiteNumber = "") then
 WScript.Echo "Site number is required."
 WScript.Echo ""
 Call DisplayUsage
end if
end sub
function IsLineAnIP(Line)
 Dim Pos, Ch
 for pos = 1 to len(line)
  ch = mid(Line, pos,1)
  if ((Ch >= "0") and (Ch <="9")) or (ch = ".") or (ch=",") or (ch=" ") then
  else 
   IsLineAnIP = False ' it is a domain
   Exit Function
  end if
 next
 IsLineAnIP = True
end function
Sub Work(WebSitePath, FileName)
Dim Pos, IPCount, DomainCount, FSO, TextFile, Line, IISOBJECT, IPSecurity, IPList, DomainList
Redim IPList(10000)
Redim DomainList(10000)
IPCount =0
DomainCount =0
Set FSO = WScript.CreateObject("Scripting.FileSystemObject")
if (fso.FileExists(Filename) = false) then
 WScript.echo "Exception file does not exist: " & Filename
 WScript.Quit(2)
 Exit sub
end if
Set TextFile = fso.OpenTextFile(Filename, 1) ' 1 = read
if (textFile.AtEndOfStream = true) then
 WScript.echo "Exception file is empty: " & Filename
 WScript.Quit(2)
 Exit sub
end if
while textFile.AtEndOfStream = false
 Line = textFile.ReadLine
 if (left(line,1) = "#") or (Len(line) = 0) then 
    ' skip this line
 elseif (IsLineAnIP(Line) = true) then
  IPList(IPCount) = Line
  IPCount = IPCount + 1
 else
  DomainList(DomainCount) = Line
  DomainCount = DomainCount + 1
 end if 
wend
textfile.Close
Set textFile =Nothing
Set FSO = Nothing
' At this point we have a 10,000 element array for the IP and domains, redim them down to the exact number
Redim Preserve IPList(IPCount)
Redim Preserve DomainList(DomainCount)
if (ShowLists = true)  then
' Display the IP list
For pos = 0 to IPCount-1 
 WScript.Echo Pos & " = " & IPList(Pos)
next
' Display the Domain list
For pos = 0 to DomainCount-1 
 WScript.Echo Pos & " = " & DomainList(Pos)
next
end if
on error resume next
err.Clear
Set IISObject = GETObject(WebSitePath)
if (Err <> 0) then
 WScript.echo "Unable to connect to the web site: " & WebSitePath
 WScript.Quit(1)
 Exit sub
end if
' Read the IP Security object - http://msdn.microsoft.com/library/psdk/iisref/aore0ard.htm
Set IPSecurity = IISObject.Get("IPSecurity")
if (Err <> 0) then
 WScript.echo "Unable to connect to the IPSecurity Object on " & WebSitePath
 WScript.Quit(1)
 Exit sub
end if
' Set that we want to grant everyone access
IPSecurity.GrantByDefault = True
' Set the exceptions - these ips will not be allowed access
IPSecurity.IPDeny = IPList
' Set the exceptions - these domains will not be allowed access
IPSecurity.DomainDeny = DomainList
' Save the object back to the IIS object
IISObject.IPSecurity = IPSecurity
' Save the changes back to the metabase
IISObject.Setinfo
if (Err <> 0) then
 WScript.echo "Unable to save changes to the IPSecurity Object on " & WebSitePath
 WScript.Quit(1)
 Exit sub
end if
WScript.Echo "IPrestrictions Summary for " & WebSitePath
WScript.Echo 
WScript.Echo "IP Addresses in Exception list: " & IPCount
WScript.Echo "Domains in Exception List     : " & DomainCount
end sub
Dim IISPath
ArgComputer   = "localHost"
ArgSiteNumber = ""
ArgFilename   = ""
Call CheckCmdLine()
IISPath = "IIS://" & ArgComputer & "/w3svc"
if (ArgSiteNumber <> "SITE") then
  IISPath = IISPath + "/" & ArgSiteNumber & "/root"
end if  
Call Work(IISPath, ArgFilename)
 This site and its contents are Copyright 1999-2004 by IISFAQ Microsoft Corporation in no way endorses or is affiliated with IISFAQ