20. March 2012 15:47
I have a WCF service running on an IIS 6 server that I wanted to restrict access to. I have one outside domain that has a static IP address, and one internal website that uses the service.
When I checked the IIS logs to see what IP addresses were hitting the service, I saw the expected external IP address, but for the internal address it was in the form of IPv6. I wanted to use IIS' "IP Address and Domain Restrictions" tool, but IIS 6 does not support IPv6 with this tool (although it looks like IIS7 does, sort of).
The IPv6 in the log file results from a web site installed on the same box as the WCF service that references the WCF service. So, in the web.config the service reference was something like: http://abc-server/myservice.svc where "abc-server" was the name of my server. When I changed this to the IP address of the server, like this: http://192.168.111.12/myservice.svc then the IIS logs showed that the internal website was using the IPv4 address instead of the IPv6 one.
At that point it was fairly straight forward.
- Open IIS, select the website with the service to protect
- Open the IP Address and Domain Restrictions
- Add Allow entries for both the external IP address and the 192.168.111.12 internal address
- Open the "Edit Feature Settings" link in the right side and select "Deny" for "Access for unspecified clients"; don't check the "Enable Domain Name Restrictions" since we're using IP addresses