Blocking access to DNN domains by IP Address


As with all websites, internal or public, it's important to know how to block access to individual IP addresses or IP address ranges. Within the DNN UI, you can block or permit users from logging into your instance but if you need to completely block access to your domains, you'll need to make changes to the DNN web.config file. 

Requirements: Access to DNN source files/folders, IIS access. 

NOTE: The steps following will trigger an automatic application pool restart so it is advisable to do this outside of normal business hours. 

As a best practice, make sure to take a backup of your site before proceeding. 


1. Within your operating system, go to Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.

2. In the Connections menu to the left of the screen, click on the arrow icon to the left of your server name to expand the selection.

3. Click on the arrow icon to the left of Sites to expand this selection.

4. Right-click on the name of your DNN site and select Explore


5. In the folder explorer, find the file web.config and double-click to open in notepad. 

6. Press Ctrl+F and search for "system.webserver"

7. Within this section, find the following (it should be around line 126 or 127.)


8. Copy the following and insert in between the two lines in the above screenshot:

<ipSecurityallowUnlisted="true">    <!-- this line allows everybody, except those listed below -->
<clear/>     <!-- removes all upstream restrictions -->
<addipAddress=""/>     <!-- blocks the specific IP of  -->
<addipAddress=""subnetMask=""/>     <!--blocks network to>
<addipAddress=""subnetMask=""/>     <!--blocks network to>
<addipAddress=""subnetMask=""/>     <!--blocks entire /8 network of to>

In order to validate in step 10, it is advisable to first enter your own IP address for testing.

9. Save the web.config file. This will automatically recycle the application pool and place the blocks in effect. 

10. Navigate to your specific DNN URL to validate that the changes have been made by confirming a 403 Error Page is displayed. 

11. Repeat steps 1 through 6 above and replace your IP address with the actual IP address or range of addresses to be blocked. 



Please sign in to leave a comment.