"David Wang" <w3.4***@gmail.com> wrote in message
news:4c33a9d1-1757-4461-b968-c5001b498f3c@g3g2000pre.googlegroups.com...
On Jan 7, 9:19 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
wrote:
> Trying to manage the IP restrictions in IIS 6.0 is a nightmare! The IPs
> are
> not sortable, and aren't even sorted, so trying to go through hundreds of
> IPs to delete some is a real PITA!
>
> Is there any 3rd party util to manage IP restrictions, or some other way
> rather than poking in the dark?
>
> --
>
> Mike

On Jan 8, 9:18 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
wrote:
> I work for a contractor at NASA, and we use IP restrictions to ALLOW only
> certain IPs to our sites. We are way down the food chain, and trying to get
> the top level folks to add or remove hundreds of IPs from the multitudes of
> firewalls that exist would be an impossibility.
>
> We are in the process of cleaning up, and removing IPs that have not
> accessed our sites in over a year, and it is not a fun task with the IIS
> manager snap-in!
>
> --
>
> Mike
>
> "David Wang" <w3.4***@gmail.com> wrote in message
>
> news:4c33a9d1-1757-4461-b968-c5001b498f3c@g3g2000pre.googlegroups.com...
> On Jan 7, 9:19 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
> wrote:
>
> > Trying to manage the IP restrictions in IIS 6.0 is a nightmare! The IPs
> > are
> > not sortable, and aren't even sorted, so trying to go through hundreds of
> > IPs to delete some is a real PITA!
>
> > Is there any 3rd party util to manage IP restrictions, or some other way
> > rather than poking in the dark?
>
> > --
>
> > Mike
>
> What are you using IP Restrictions in IIS to accomplish?
>
> I am sure it is possible to develop a perfect tool to manage IP
> Restrictions to satisfy your need. I am not certain the utility tool
> needs to exist since that depends on design/needs. I am certain that
> IIS is not required to provide this tool since it is a platform.
>
> If this is a public-facing site -- people block IPs on the upstream
> router/switch to prevent the blocked IP from consuming the downstream
> bandwidth. Using IP Restriction on IIS is about the worst possible
> design for this task since the network bandwidth is already consumed.
> That has nothing to do with how PITA IIS IP Restrictions are to manage
> -- it has everything to do with how badly the solution resolves the
> real problem.
>
> Alternatively, If you are using IP Restriction as a form of
> authentication/authorization -- that is also poor design. IP is not a
> good indicator for AuthN/AuthZ because it can be forged.
>
> In short, what are you trying to accomplish with IP Restrictions in
> IIS...
>
> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang
> //

On Jan 8, 9:18 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
wrote:
> I work for a contractor at NASA, and we use IP restrictions to ALLOW only
> certain IPs to our sites. We are way down the food chain, and trying to
> get
> the top level folks to add or remove hundreds of IPs from the multitudes
> of
> firewalls that exist would be an impossibility.
>
> We are in the process of cleaning up, and removing IPs that have not
> accessed our sites in over a year, and it is not a fun task with the IIS
> manager snap-in!
>
> --
>
> Mike
>
> "David Wang" <w3.4***@gmail.com> wrote in message
>
> news:4c33a9d1-1757-4461-b968-c5001b498f3c@g3g2000pre.googlegroups.com...
> On Jan 7, 9:19 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
> wrote:
>
> > Trying to manage the IP restrictions in IIS 6.0 is a nightmare! The IPs
> > are
> > not sortable, and aren't even sorted, so trying to go through hundreds
> > of
> > IPs to delete some is a real PITA!
>
> > Is there any 3rd party util to manage IP restrictions, or some other way
> > rather than poking in the dark?
>
> > --
>
> > Mike
>
> What are you using IP Restrictions in IIS to accomplish?
>
> I am sure it is possible to develop a perfect tool to manage IP
> Restrictions to satisfy your need. I am not certain the utility tool
> needs to exist since that depends on design/needs. I am certain that
> IIS is not required to provide this tool since it is a platform.
>
> If this is a public-facing site -- people block IPs on the upstream
> router/switch to prevent the blocked IP from consuming the downstream
> bandwidth. Using IP Restriction on IIS is about the worst possible
> design for this task since the network bandwidth is already consumed.
> That has nothing to do with how PITA IIS IP Restrictions are to manage
> -- it has everything to do with how badly the solution resolves the
> real problem.
>
> Alternatively, If you are using IP Restriction as a form of
> authentication/authorization -- that is also poor design. IP is not a
> good indicator for AuthN/AuthZ because it can be forged.
>
> In short, what are you trying to accomplish with IP Restrictions in
> IIS...
>
> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang
> //

"Mike Matheny" <thomasdotmdotmathenya@nasadotgov> wrote in message
news:uceFL%23ccJHA.2444@TK2MSFTNGP06.phx.gbl...
>I have a list of IPs I want to delete from the access - my complaint is
>that they are listed in some crazy, unsorted form in IIS manager! Could be
>easy to overlook one because of the inability to sort in the window!
>
> --
>
> Mike
>
> "David Wang" <w3.4***@gmail.com> wrote in message
> news:de2236d5-1a96-4ffc-8319-3a51ad68796a@t39g2000prh.googlegroups.com...
> Ok. Then you can try opening %windir%\System32\inetsrv\metabase.xml
> with notepad to get a holistic view of the IPRestriction node. Don't
> edit it yet - IIS won't take notepad-based changes by default.
>
> Once you've got all the IP Addresses, you can put them into something
> like Excel to sort as you wish.
>
> Or you can put it into a text file and use LogParser to query and
> cross-correlate with IIS log files on access frequency.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> On Jan 8, 9:18 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
> wrote:
>> I work for a contractor at NASA, and we use IP restrictions to ALLOW only
>> certain IPs to our sites. We are way down the food chain, and trying to
>> get
>> the top level folks to add or remove hundreds of IPs from the multitudes
>> of
>> firewalls that exist would be an impossibility.
>>
>> We are in the process of cleaning up, and removing IPs that have not
>> accessed our sites in over a year, and it is not a fun task with the IIS
>> manager snap-in!
>>
>> --
>>
>> Mike
>>
>> "David Wang" <w3.4***@gmail.com> wrote in message
>>
>> news:4c33a9d1-1757-4461-b968-c5001b498f3c@g3g2000pre.googlegroups.com...
>> On Jan 7, 9:19 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
>> wrote:
>>
>> > Trying to manage the IP restrictions in IIS 6.0 is a nightmare! The IPs
>> > are
>> > not sortable, and aren't even sorted, so trying to go through hundreds
>> > of
>> > IPs to delete some is a real PITA!
>>
>> > Is there any 3rd party util to manage IP restrictions, or some other
>> > way
>> > rather than poking in the dark?
>>
>> > --
>>
>> > Mike
>>
>> What are you using IP Restrictions in IIS to accomplish?
>>
>> I am sure it is possible to develop a perfect tool to manage IP
>> Restrictions to satisfy your need. I am not certain the utility tool
>> needs to exist since that depends on design/needs. I am certain that
>> IIS is not required to provide this tool since it is a platform.
>>
>> If this is a public-facing site -- people block IPs on the upstream
>> router/switch to prevent the blocked IP from consuming the downstream
>> bandwidth. Using IP Restriction on IIS is about the worst possible
>> design for this task since the network bandwidth is already consumed.
>> That has nothing to do with how PITA IIS IP Restrictions are to manage
>> -- it has everything to do with how badly the solution resolves the
>> real problem.
>>
>> Alternatively, If you are using IP Restriction as a form of
>> authentication/authorization -- that is also poor design. IP is not a
>> good indicator for AuthN/AuthZ because it can be forged.
>>
>> In short, what are you trying to accomplish with IP Restrictions in
>> IIS...
>>
>> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang
>> //
>
>

"Mike Matheny" <thomasdotmdotmathenya@nasadotgov> wrote in message
news:ugqZnidcJHA.1272@TK2MSFTNGP04.phx.gbl...
> There is no IPRestriction section in that file!
>
> --
>
> Mike
>
> "Mike Matheny" <thomasdotmdotmathenya@nasadotgov> wrote in message
> news:uceFL%23ccJHA.2444@TK2MSFTNGP06.phx.gbl...
>>I have a list of IPs I want to delete from the access - my complaint is
>>that they are listed in some crazy, unsorted form in IIS manager! Could be
>>easy to overlook one because of the inability to sort in the window!
>>
>> --
>>
>> Mike
>>
>> "David Wang" <w3.4***@gmail.com> wrote in message
>> news:de2236d5-1a96-4ffc-8319-3a51ad68796a@t39g2000prh.googlegroups.com...
>> Ok. Then you can try opening %windir%\System32\inetsrv\metabase.xml
>> with notepad to get a holistic view of the IPRestriction node. Don't
>> edit it yet - IIS won't take notepad-based changes by default.
>>
>> Once you've got all the IP Addresses, you can put them into something
>> like Excel to sort as you wish.
>>
>> Or you can put it into a text file and use LogParser to query and
>> cross-correlate with IIS log files on access frequency.
>>
>>
>> //David
>> http://w3-4u.blogspot.com
>> http://blogs.msdn.com/David.Wang
>> //
>>
>>
>>
>> On Jan 8, 9:18 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
>> wrote:
>>> I work for a contractor at NASA, and we use IP restrictions to ALLOW
>>> only
>>> certain IPs to our sites. We are way down the food chain, and trying to
>>> get
>>> the top level folks to add or remove hundreds of IPs from the multitudes
>>> of
>>> firewalls that exist would be an impossibility.
>>>
>>> We are in the process of cleaning up, and removing IPs that have not
>>> accessed our sites in over a year, and it is not a fun task with the IIS
>>> manager snap-in!
>>>
>>> --
>>>
>>> Mike
>>>
>>> "David Wang" <w3.4***@gmail.com> wrote in message
>>>
>>> news:4c33a9d1-1757-4461-b968-c5001b498f3c@g3g2000pre.googlegroups.com...
>>> On Jan 7, 9:19 am, "Mike Matheny" <thomasdotmdotmathenya@nasadotgov>
>>> wrote:
>>>
>>> > Trying to manage the IP restrictions in IIS 6.0 is a nightmare! The
>>> > IPs
>>> > are
>>> > not sortable, and aren't even sorted, so trying to go through hundreds
>>> > of
>>> > IPs to delete some is a real PITA!
>>>
>>> > Is there any 3rd party util to manage IP restrictions, or some other
>>> > way
>>> > rather than poking in the dark?
>>>
>>> > --
>>>
>>> > Mike
>>>
>>> What are you using IP Restrictions in IIS to accomplish?
>>>
>>> I am sure it is possible to develop a perfect tool to manage IP
>>> Restrictions to satisfy your need. I am not certain the utility tool
>>> needs to exist since that depends on design/needs. I am certain that
>>> IIS is not required to provide this tool since it is a platform.
>>>
>>> If this is a public-facing site -- people block IPs on the upstream
>>> router/switch to prevent the blocked IP from consuming the downstream
>>> bandwidth. Using IP Restriction on IIS is about the worst possible
>>> design for this task since the network bandwidth is already consumed.
>>> That has nothing to do with how PITA IIS IP Restrictions are to manage
>>> -- it has everything to do with how badly the solution resolves the
>>> real problem.
>>>
>>> Alternatively, If you are using IP Restriction as a form of
>>> authentication/authorization -- that is also poor design. IP is not a
>>> good indicator for AuthN/AuthZ because it can be forged.
>>>
>>> In short, what are you trying to accomplish with IP Restrictions in
>>> IIS...
>>>
>>> //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang
>>> //
>>
>>
>
>