使用命令行更新IIS 6 IP限制 [英] Update IIS 6 IP Restrictions using command line
问题描述
我发现下面的命令行用于添加IP地址以限制IIS 7
I found the command line below that is used to add IP addresses to restrict in IIS 7
appcmd set config /section:ipsecurity /+"[ipaddress='10.0.0.1',allowed='false']"
IIS 6是否有等效的命令?
Is there an equivalent command for IIS 6?
谢谢!
推荐答案
否,没有内置的Windows命令可以执行此操作.您可以找到人们为缓解这种情况而编写的脚本的证据.
No, there's no built-in Windows command to do it. You can find evidence of scripts that people have written to mitigate for this.
最终,您要修改名为IPSecurity
的配置数据库条目.事情是这样的:可以在顶层(W3SVC服务)中一直将IPSecurity条目设置为单个文件.因此,您可以为以下任意项定义安全性:
Ultimately, you want to modify a metabase entry called IPSecurity
. Here's the thing: this IPSecurity entry can be set up at the top level (W3SVC service) all of the way down to individual files. So, you can define security for any of:
- 服务
- 站点
- VDir
- 文件夹
- 文件
您问题中的示例在整个服务范围内,因此您希望定位IIS://localhost/W3SVC
.如果您只想配置默认网站,则定位IIS://localhost/W3SVC/1/Root
.
The example in your question is service-wide, so you'd want to target IIS://localhost/W3SVC
. If you wanted to configure only the default website, you'd target IIS://localhost/W3SVC/1/Root
.
一旦您知道要修改的级别,就需要确定匹配IP的处理方式.您显然想阻止. 这意味着您需要修改
Once you know what level you want to modify, you need to identify what the course of action is for a matching IP. You clearly want to block. That means you'll need to modify the IPDeny
List.
现在,您只需要使用您选择的语言编写脚本,该脚本就可以通过ADSI连接到配置数据库,并修改IPDeny列表以包含其他IP.
Now you just need to write a script in the language of your choice that connected to the metabase via ADSI and modifies the IPDeny list to include the additional IP.
我已经修改了MSDN页面上的一个参数:
I've modified the one from the MSDN page to take an argument:
Dim SecObj
Dim MyIPSec
Dim IPList
Set SecObj = GetObject("IIS://LocalHost/W3SVC")
Set MyIPSec = SecObj.IPSecurity
If (FALSE = MyIPSec.GrantByDefault) Then
MyIPSec.GrantByDefault = TRUE
End If
if WScript.Arguments.Count = 0 then
WScript.Echo "Missing IP Address"
WScript.Quit(1)
end if
' WScript.Echo "Adding " & WScript.Arguments(0)
IPList = MyIPSec.IPDeny
Redim Preserve IPList (Ubound(IPList)+1)
IPList (Ubound(IPList)) = WScript.Arguments(0)
MyIPSec.IPDeny = IPList
SecObj.IPSecurity = MyIPSec
SecObj.Setinfo
如果将其另存为blockip.vbs
,则可以通过以下方式调用它:
If you save this as blockip.vbs
, you can call it with:
wscript blockip.vbs 10.0.0.1
仅供参考,在IIS6上可以正常使用,但只能运行一次,然后在Win7(IIS 7.5)上存在列表后失败.
FYI, This works fine with IIS6, but works once, then fails after the list exists, on Win7 (IIS 7.5).
这篇关于使用命令行更新IIS 6 IP限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!