Rusty Divine

Live, Love, Learn, Teach

IP Address and Domain Restrictions - IIS6 and IPv6

I have a WCF service running on an IIS 6 server that I wanted to restrict access to.  I have one outside domain that has a static IP address, and one internal website that uses the service.

When I checked the IIS logs to see what IP addresses were hitting the service, I saw the expected external IP address, but for the internal address it was in the form of IPv6.  I wanted to use IIS' "IP Address and Domain Restrictions" tool, but IIS 6 does not support IPv6 with this tool (although it looks like IIS7 does, sort of).

The IPv6 in the log file results from a web site installed on the same box as the WCF service that references the WCF service.  So, in the web.config the service reference was something like: http://abc-server/myservice.svc where "abc-server" was the name of my server.  When I changed this to the IP address of the server, like this: http://192.168.111.12/myservice.svc then the IIS logs showed that the internal website was using the IPv4 address instead of the IPv6 one.

At that point it was fairly straight forward.

  1. Open IIS, select the website with the service to protect
  2. Open the IP Address and Domain Restrictions
  3. Add Allow entries for both the external IP address and the 192.168.111.12 internal address
  4. Open the "Edit Feature Settings" link in the right side and select "Deny" for "Access for unspecified clients"; don't check the "Enable Domain Name Restrictions" since we're using IP addresses