使用命令行更新IIS 6 IP限制 [英] Update IIS 6 IP Restrictions using command line

问题描述

我发现下面的命令行用于添加IP地址以限制IIS 7

I found the command line below that is used to add IP addresses to restrict in IIS 7

appcmd set config /section:ipsecurity /+"[ipaddress='10.0.0.1',allowed='false']"

IIS 6是否有等效的命令?

Is there an equivalent command for IIS 6?

谢谢！

推荐答案

否，没有内置的Windows命令可以执行此操作.您可以找到人们为缓解这种情况而编写的脚本的证据.

No, there's no built-in Windows command to do it. You can find evidence of scripts that people have written to mitigate for this.

最终，您要修改名为IPSecurity的配置数据库条目.事情是这样的:可以在顶层(W3SVC服务)中一直将IPSecurity条目设置为单个文件.因此，您可以为以下任意项定义安全性:

Ultimately, you want to modify a metabase entry called IPSecurity. Here's the thing: this IPSecurity entry can be set up at the top level (W3SVC service) all of the way down to individual files. So, you can define security for any of:

• 服务
• 站点
• VDir
• 文件夹
• 文件

您问题中的示例在整个服务范围内，因此您希望定位IIS://localhost/W3SVC.如果您只想配置默认网站，则定位IIS://localhost/W3SVC/1/Root.

The example in your question is service-wide, so you'd want to target IIS://localhost/W3SVC. If you wanted to configure only the default website, you'd target IIS://localhost/W3SVC/1/Root.

一旦您知道要修改的级别，就需要确定匹配IP的处理方式.您显然想阻止. 这意味着您需要修改列表.

Once you know what level you want to modify, you need to identify what the course of action is for a matching IP. You clearly want to block. That means you'll need to modify the IPDeny List.

现在，您只需要使用您选择的语言编写脚本，该脚本就可以通过ADSI连接到配置数据库，并修改IPDeny列表以包含其他IP.

Now you just need to write a script in the language of your choice that connected to the metabase via ADSI and modifies the IPDeny list to include the additional IP.

我已经修改了MSDN页面上的一个参数:

I've modified the one from the MSDN page to take an argument:

  Dim SecObj 
  Dim MyIPSec 
  Dim IPList 

  Set SecObj = GetObject("IIS://LocalHost/W3SVC") 
  Set MyIPSec = SecObj.IPSecurity   
  If (FALSE = MyIPSec.GrantByDefault) Then 
     MyIPSec.GrantByDefault = TRUE 
  End If 

  if WScript.Arguments.Count = 0 then
     WScript.Echo "Missing IP Address"
     WScript.Quit(1)
  end if

  ' WScript.Echo "Adding "  & WScript.Arguments(0)

  IPList = MyIPSec.IPDeny 
  Redim Preserve IPList (Ubound(IPList)+1) 
  IPList (Ubound(IPList)) = WScript.Arguments(0)

  MyIPSec.IPDeny = IPList 
  SecObj.IPSecurity = MyIPSec 
  SecObj.Setinfo 

如果将其另存为blockip.vbs，则可以通过以下方式调用它:

If you save this as blockip.vbs, you can call it with:

wscript blockip.vbs 10.0.0.1

仅供参考，在IIS6上可以正常使用，但只能运行一次，然后在Win7(IIS 7.5)上存在列表后失败.

FYI, This works fine with IIS6, but works once, then fails after the list exists, on Win7 (IIS 7.5).

这篇关于使用命令行更新IIS 6 IP限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！