Is there a way with IIS 6 to redirect an incoming request if it is from a
specific IP address? I don't want to block it as such, I want to make it
direct to an website for 'banned' IPs.

The server hosts around 30 sites, but we have two or three persistent
fixed IPs that come in that we would like to intercept and point
elsewhere.

Is there an easy way to do this, or am I going to have to install scripts
in all sites to do it?
--
begin broken-news-reader.exe

On Jul 2, 12:02*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> Is there a way with IIS 6 to redirect an incoming request if it is from a
> specific IP address? I don't want to block it as such, I want to make it
> direct to an website for 'banned' IPs.
>
> The server hosts around 30 sites, but we have two or three persistent
> fixed IPs that come in that we would like to intercept and point
> elsewhere.
>
> Is there an easy way to do this, or am I going to have to install scripts
> in all sites to do it?
> --
> begin *broken-news-reader.exe


I would write a simple ISAPI Filter to do this extension of IIS
behavior.

Built-in Redirection and IP Restriction are not conditional.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:

> On Jul 2, 12:02Â*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>> Is there a way with IIS 6 to redirect an incoming request if it is from
>> a specific IP address? I don't want to block it as such, I want to make
>> it direct to an website for 'banned' IPs.
>>
>> The server hosts around 30 sites, but we have two or three persistent
>> fixed IPs that come in that we would like to intercept and point
>> elsewhere.
>>
>> Is there an easy way to do this, or am I going to have to install
>> scripts in all sites to do it?
>> --
>> begin Â*broken-news-reader.exe
>
>
> I would write a simple ISAPI Filter to do this extension of IIS
> behavior.
>
> Built-in Redirection and IP Restriction are not conditional.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //

Expand on this David please as I have no idea how I would start to write
a simple ISAPI filter or even which language it would be written in. I
don't mind looking into doing this.

--
begin broken-news-reader.exe

On Jul 2, 11:29*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:
> > On Jul 2, 12:02*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> >> Is there a way with IIS 6 to redirect an incoming request if it is from
> >> a specific IP address? I don't want to block it as such, I want to make
> >> it direct to an website for 'banned' IPs.
>
> >> The server hosts around 30 sites, but we have two or three persistent
> >> fixed IPs that come in that we would like to intercept and point
> >> elsewhere.
>
> >> Is there an easy way to do this, or am I going to have to install
> >> scripts in all sites to do it?
> >> --
> >> begin *broken-news-reader.exe
>
> > I would write a simple ISAPI Filter to do this extension of IIS
> > behavior.
>
> > Built-in Redirection and IP Restriction are not conditional.
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> Expand on this David please as I have no idea how I would start to write
> a simple ISAPI filter or even which language it would be written in. I
> don't mind looking into doing this.
>
> --
> begin *broken-news-reader.exe- Hide quoted text -
>
> - Show quoted text -


You can find ISAPI Filter documentation on MSDN for all the API basics
(i.e. how to call things).

A sketch of what you need to do, in order:
1. Listen for SF_NOTIFY_PREPROC_HEADERS event
2. GetServerVariable("REMOTE_ADDR") to find the IP the client sent
3. Test the results of #2, and either send a 302 redirection or send
back a static HTML page representing the "banned" website. Since the
filter sent back a complete response in this step, you must return
SF_STATUS_REQ_FINISHED


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

On Thu, 03 Jul 2008 13:37:51 -0700, David Wang wrote:

> On Jul 2, 11:29Â*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>> On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:
>> > On Jul 2, 12:02Â*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>> >> Is there a way with IIS 6 to redirect an incoming request if it is
>> >> from a specific IP address? I don't want to block it as such, I want
>> >> to make it direct to an website for 'banned' IPs.
>>
>> >> The server hosts around 30 sites, but we have two or three
>> >> persistent fixed IPs that come in that we would like to intercept
>> >> and point elsewhere.
>>
>> >> Is there an easy way to do this, or am I going to have to install
>> >> scripts in all sites to do it?
>> >> --
>> >> begin Â*broken-news-reader.exe
>>
>> > I would write a simple ISAPI Filter to do this extension of IIS
>> > behavior.
>>
>> > Built-in Redirection and IP Restriction are not conditional.
>>
>> > //David
>> >http://w3-4u.blogspot.com
>> >http://blogs.msdn.com/David.Wang
>> > //
>>
>> Expand on this David please as I have no idea how I would start to
>> write a simple ISAPI filter or even which language it would be written
>> in. I don't mind looking into doing this.
>>
>> --
>> begin Â*broken-news-reader.exe- Hide quoted text -
>>
>> - Show quoted text -
>
>
> You can find ISAPI Filter documentation on MSDN for all the API basics
> (i.e. how to call things).
>
> A sketch of what you need to do, in order: 1. Listen for
> SF_NOTIFY_PREPROC_HEADERS event 2. GetServerVariable("REMOTE_ADDR") to
> find the IP the client sent 3. Test the results of #2, and either send a
> 302 redirection or send back a static HTML page representing the
> "banned" website. Since the filter sent back a complete response in this
> step, you must return SF_STATUS_REQ_FINISHED
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
Thanks for the response David.

My feeling is it may be bit excessive to learn something like C++ to do
this. It is like using a sledgehammer to crack a nut.

I've found I can do it with ease with Apache and with only one site left
running .asp I think it will be easier for me to rewrite that in php and
drop IIS all together.

I could drop in a script on every site that check the IP and redirects on
that, but it would be messy like that.

Thank you anyway.

--
begin broken-news-reader.exe

A wrote on 04 Jul 2008 07:10:05 GMT:

> On Thu, 03 Jul 2008 13:37:51 -0700, David Wang wrote:

>> On Jul 2, 11:29 pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>>> On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:
>>>> On Jul 2, 12:02 pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>>>>> Is there a way with IIS 6 to redirect an incoming request if it is
>>>>> from a specific IP address? I don't want to block it as such, I
>>>>> want to make it direct to an website for 'banned' IPs.

>>>>> The server hosts around 30 sites, but we have two or three
>>>>> persistent fixed IPs that come in that we would like to intercept
>>>>> and point elsewhere.

>>>>> Is there an easy way to do this, or am I going to have to install
>>>>> scripts in all sites to do it?
>>>>> --
>>>>> begin broken-news-reader.exe

>>>> I would write a simple ISAPI Filter to do this extension of IIS
>>>> behavior.

>>>> Built-in Redirection and IP Restriction are not conditional.

>>>> //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang
>>>> //

>>> Expand on this David please as I have no idea how I would start to
>>> write a simple ISAPI filter or even which language it would be
>>> written in. I don't mind looking into doing this.

>>> --
>>> begin broken-news-reader.exe- Hide quoted text -

>>> - Show quoted text -


>> You can find ISAPI Filter documentation on MSDN for all the API
>> basics (i.e. how to call things).

>> A sketch of what you need to do, in order: 1. Listen for
>> SF_NOTIFY_PREPROC_HEADERS event 2. GetServerVariable("REMOTE_ADDR")
>> to find the IP the client sent 3. Test the results of #2, and either
>> send a 302 redirection or send back a static HTML page representing
>> the "banned" website. Since the filter sent back a complete response
>> in this step, you must return SF_STATUS_REQ_FINISHED


>> //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang //
> Thanks for the response David.

> My feeling is it may be bit excessive to learn something like C++ to do
> this. It is like using a sledgehammer to crack a nut.

> I've found I can do it with ease with Apache and with only one site
> left running .asp I think it will be easier for me to rewrite that in
> php and drop IIS all together.

> I could drop in a script on every site that check the IP and redirects
> on that, but it would be messy like that.

> Thank you anyway.

How about using ISAPI Rewrite? http://www.isapirewrite.com/

The Lite version is free, but this free version doesn't support per-site
configurations. However, if you only have one site on IIS then that's all
you need. You could set up a condition checking the REMOTE_ADDR header, and
set back the appropriate response or redirect to page on the site (making
sure that requests to this page aren't passed through the same rewrite rule
though or else you could end up with a loop).

--
Dan

On Mon, 07 Jul 2008 11:12:58 +0100, Daniel Crichton wrote:

> A wrote on 04 Jul 2008 07:10:05 GMT:
>
>> On Thu, 03 Jul 2008 13:37:51 -0700, David Wang wrote:
>
> >> On Jul 2, 11:29 pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> >>> On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:
> >>>> On Jul 2, 12:02 pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> >>>>> Is there a way with IIS 6 to redirect an incoming request if it
> >>>>> is from a specific IP address? I don't want to block it as such,
> >>>>> I want to make it direct to an website for 'banned' IPs.
>
> >>>>> The server hosts around 30 sites, but we have two or three
> >>>>> persistent fixed IPs that come in that we would like to intercept
> >>>>> and point elsewhere.
>
> >>>>> Is there an easy way to do this, or am I going to have to install
> >>>>> scripts in all sites to do it?
> >>>>> --
> >>>>> begin broken-news-reader.exe
>
> >>>> I would write a simple ISAPI Filter to do this extension of IIS
> >>>> behavior.
>
> >>>> Built-in Redirection and IP Restriction are not conditional.
>
> >>>> //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang
> >>>> //
>
> >>> Expand on this David please as I have no idea how I would start to
> >>> write a simple ISAPI filter or even which language it would be
> >>> written in. I don't mind looking into doing this.
>
> >>> --
> >>> begin broken-news-reader.exe- Hide quoted text -
>
> >>> - Show quoted text -
>
>
> >> You can find ISAPI Filter documentation on MSDN for all the API
> >> basics (i.e. how to call things).
>
> >> A sketch of what you need to do, in order: 1. Listen for
> >> SF_NOTIFY_PREPROC_HEADERS event 2. GetServerVariable("REMOTE_ADDR")
> >> to find the IP the client sent 3. Test the results of #2, and either
> >> send a 302 redirection or send back a static HTML page representing
> >> the "banned" website. Since the filter sent back a complete response
> >> in this step, you must return SF_STATUS_REQ_FINISHED
>
>
> >> //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang
> >> //
>> Thanks for the response David.
>
>> My feeling is it may be bit excessive to learn something like C++ to do
>> this. It is like using a sledgehammer to crack a nut.
>
>> I've found I can do it with ease with Apache and with only one site
>> left running .asp I think it will be easier for me to rewrite that in
>> php and drop IIS all together.
>
>> I could drop in a script on every site that check the IP and redirects
>> on that, but it would be messy like that.
>
>> Thank you anyway.
>
> How about using ISAPI Rewrite? http://www.isapirewrite.com/
>
> The Lite version is free, but this free version doesn't support per-site
> configurations. However, if you only have one site on IIS then that's
> all you need. You could set up a condition checking the REMOTE_ADDR
> header, and set back the appropriate response or redirect to page on the
> site (making sure that requests to this page aren't passed through the
> same rewrite rule though or else you could end up with a loop).

Thanks for the response Daniel. The site, which only had a little .asp
code to it, has been retrofitted to PHP and moved to apache where what I
wanted to achieve was easy and free - thus dropping the need for IIS.

The response may well come in useful for someone else searching
google.groups in the future, so thanks for taking the time.


--
Dog walks down the road. Gust of wind. Dog inside out.
I've replaced my 'old joke' signature because a better man than me told
me to ;-)

On Jul 4, 12:10*am, A J Hawke <a...@lawlessland.co.uk> wrote:
> On Thu, 03 Jul 2008 13:37:51 -0700, David Wang wrote:
> > On Jul 2, 11:29*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> >> On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:
> >> > On Jul 2, 12:02*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
> >> >> Is there a way with IIS 6 to redirect an incoming request if it is
> >> >> from a specific IP address? I don't want to block it as such, I want
> >> >> to make it direct to an website for 'banned' IPs.
>
> >> >> The server hosts around 30 sites, but we have two or three
> >> >> persistent fixed IPs that come in that we would like to intercept
> >> >> and point elsewhere.
>
> >> >> Is there an easy way to do this, or am I going to have to install
> >> >> scripts in all sites to do it?
> >> >> --
> >> >> begin *broken-news-reader.exe
>
> >> > I would write a simple ISAPI Filter to do this extension of IIS
> >> > behavior.
>
> >> > Built-in Redirection and IP Restriction are not conditional.
>
> >> > //David
> >> >http://w3-4u.blogspot.com
> >> >http://blogs.msdn.com/David.Wang
> >> > //
>
> >> Expand on this David please as I have no idea how I would start to
> >> write a simple ISAPI filter or even which language it would be written
> >> in. I don't mind looking into doing this.
>
> >> --
> >> begin *broken-news-reader.exe- Hide quoted text -
>
> >> - Show quoted text -
>
> > You can find ISAPI Filter documentation on MSDN for all the API basics
> > (i.e. how to call things).
>
> > A sketch of what you need to do, in order: 1. Listen for
> > SF_NOTIFY_PREPROC_HEADERS event 2. GetServerVariable("REMOTE_ADDR") to
> > find the IP the client sent 3. Test the results of #2, and either send a
> > 302 redirection or send back a static HTML page representing the
> > "banned" website. Since the filter sent back a complete response in this
> > step, you must return SF_STATUS_REQ_FINISHED
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //
>
> Thanks for the response David.
>
> My feeling is it may be bit excessive to learn something like C++ to do
> this. It is like using a sledgehammer to crack a nut.
>
> I've found I can do it with ease with Apache and with only one site left
> running .asp I think it will be easier for me to rewrite that in php and
> drop IIS all together.
>
> I could drop in a script on every site that check the IP and redirects on
> that, but it would be messy like that.
>
> Thank you anyway.
>
> --
> begin *broken-news-reader.exe- Hide quoted text -
>
> - Show quoted text -



Actually, it is easy with Apache only because someone had already done
the Open Source C++ work in the form of an extension module and
integrated it into Apache dotfiles. In a side-by-side comparison, IIS
and Apache are pretty equivalent in abilities (IIS is actually
technically superior in many ways and more fully leverages Windows
advantages in comparison, but that is expected, given Apache's cross-
platform, common-denominator approach). However, in terms of extension
modules, Apache has a much larger library. When talking about Apache
and comparing with IIS, one has to know between the web server vs its
extension modules.

Thus, the same feature is possible with IIS, except the IIS community
is such that the C++ work is often private and not shared. I would
characterize this difference with its software support -- IIS users
tend to require documentable support (i.e. someone, not me, has got to
be responsible for this code in production), while Apache users are
open to experimenting with community support. There's no right/wrong;
only a matter of risk tolerance, tempered by available skills.

If you are looking for a free solution for your sort of redirection,
the sites does not really have any ties to IIS or other Windows-
related technologies, and you are open to the OSS model of support,
then Apache is the preferred leading solution.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

On Mon, 07 Jul 2008 12:22:28 -0700, David Wang wrote:

> On Jul 4, 12:10Â*am, A J Hawke <a...@lawlessland.co.uk> wrote:
>> On Thu, 03 Jul 2008 13:37:51 -0700, David Wang wrote:
>> > On Jul 2, 11:29Â*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>> >> On Wed, 02 Jul 2008 13:20:17 -0700, David Wang wrote:
>> >> > On Jul 2, 12:02Â*pm, A J Hawke <a...@lawlessland.co.uk> wrote:
>> >> >> Is there a way with IIS 6 to redirect an incoming request if it
>> >> >> is from a specific IP address? I don't want to block it as such,
>> >> >> I want to make it direct to an website for 'banned' IPs.
>>
>> >> >> The server hosts around 30 sites, but we have two or three
>> >> >> persistent fixed IPs that come in that we would like to intercept
>> >> >> and point elsewhere.
>>
>> >> >> Is there an easy way to do this, or am I going to have to install
>> >> >> scripts in all sites to do it?
>> >> >> --
>> >> >> begin Â*broken-news-reader.exe
>>
>> >> > I would write a simple ISAPI Filter to do this extension of IIS
>> >> > behavior.
>>
>> >> > Built-in Redirection and IP Restriction are not conditional.
>>
>> >> > //David
>> >> >http://w3-4u.blogspot.com
>> >> >http://blogs.msdn.com/David.Wang
>> >> > //
>>
>> >> Expand on this David please as I have no idea how I would start to
>> >> write a simple ISAPI filter or even which language it would be
>> >> written in. I don't mind looking into doing this.
>>
>> >> --
>> >> begin Â*broken-news-reader.exe- Hide quoted text -
>>
>> >> - Show quoted text -
>>
>> > You can find ISAPI Filter documentation on MSDN for all the API
>> > basics (i.e. how to call things).
>>
>> > A sketch of what you need to do, in order: 1. Listen for
>> > SF_NOTIFY_PREPROC_HEADERS event 2. GetServerVariable("REMOTE_ADDR")
>> > to find the IP the client sent 3. Test the results of #2, and either
>> > send a 302 redirection or send back a static HTML page representing
>> > the "banned" website. Since the filter sent back a complete response
>> > in this step, you must return SF_STATUS_REQ_FINISHED
>>
>> > //David
>> >http://w3-4u.blogspot.com
>> >http://blogs.msdn.com/David.Wang
>> > //
>>
>> Thanks for the response David.
>>
>> My feeling is it may be bit excessive to learn something like C++ to do
>> this. It is like using a sledgehammer to crack a nut.
>>
>> I've found I can do it with ease with Apache and with only one site
>> left running .asp I think it will be easier for me to rewrite that in
>> php and drop IIS all together.
>>
>> I could drop in a script on every site that check the IP and redirects
>> on that, but it would be messy like that.
>>
>> Thank you anyway.
>>
>> --
>> begin Â*broken-news-reader.exe- Hide quoted text -
>>
>> - Show quoted text -
>
>
>
> Actually, it is easy with Apache only because someone had already done
> the Open Source C++ work in the form of an extension module and
> integrated it into Apache dotfiles. In a side-by-side comparison, IIS
> and Apache are pretty equivalent in abilities (IIS is actually
> technically superior in many ways and more fully leverages Windows
> advantages in comparison, but that is expected, given Apache's cross-
> platform, common-denominator approach). However, in terms of extension
> modules, Apache has a much larger library. When talking about Apache and
> comparing with IIS, one has to know between the web server vs its
> extension modules.
>
> Thus, the same feature is possible with IIS, except the IIS community is
> such that the C++ work is often private and not shared. I would
> characterize this difference with its software support -- IIS users tend
> to require documentable support (i.e. someone, not me, has got to be
> responsible for this code in production), while Apache users are open to
> experimenting with community support. There's no right/wrong; only a
> matter of risk tolerance, tempered by available skills.
>
> If you are looking for a free solution for your sort of redirection, the
> sites does not really have any ties to IIS or other Windows- related
> technologies, and you are open to the OSS model of support, then Apache
> is the preferred leading solution.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //

I don't think we need to do the whole apache -v- iis debate. It is often
cruelly said that to compromise the security of an apache server is
simple. Run it on windows - but I don't necessarily agree with that.

I've always made use of cost effective solutions be they open source or
not. I run Linux, I run XP and I run Server 2003. I'm not anal or
religious about it. I'll use what provides the required functionality at
the best price.

In a web world where coders can't even write resilient scripts that to
protect against SQL injection, I don't tend to be too trusting of
anything coded that cannot be scrutinised.

--
Dog walks down the road. Gust of wind. Dog inside out.
I've replaced my 'old joke' signature because a better man than me told
me to ;-)