Overview
If you would like to restrict users for particular pages which is not possible for the login IP filtering feature, we could use the IIS rewrite module on the server, and add certain rewrite rules to the web.config in order to block requests to specific resources or request types.
Solution
As an example, if you would like to block access to a specific page such as the /login page, a rule can be added to the web.config file of the root DNN website folder so that all requests for this page are redirected to another page.
This rule can be placed in the rewrite tag inside the system.webServer tag in the web.config file.
<system.webServer>
<rewrite>
<rule name="Block X Page" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="(www.mywebsite.com)" />
<add input="{PATH_INFO}" pattern="/login" />
</conditions>
<action type="Redirect" url="https://www.otherpage.com/" />
</rule>
</rewrite>
</system.webServer>
In another example, we could also change the action to return a 401 Unauthorized response or to abort the request. This should block any IP addresses that are not under the whitelisted comment.
<system.webServer>
<rewrite>
<rules>
<rule name="Intranet Rule" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="www.website.com" />
<!--Whitelisted IP Addresses Go Here-->
<add input="{HTTP_X_FORWARDED_FOR}" pattern="123.456.789.10" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
</rules>
</rewrite>
</system.webServer>
After applying the rule to the web.config file through a notepad editor, make sure to save the file.
Testing
You can simply test if this works by:
1. In the first example, accessing the specific page that you have restricted to see if you are being redirected.
2. In the second example, by accessing the page through an IP address with a VPN.
Comments
0 comments
Please sign in to leave a comment.