通过IP地址范围/域限制对网站的访问 [英] Restricting access to a website by IP address range / domain

问题描述

我想根据客户端IP地址限制访问weba应用程序（使用.net 2.0和II6）的最佳方法提供建议。我正在考虑的两种方式：

I would like advice on the best way to restrict access to a weba pplication (using .net 2.0 and II6) based on the clients IP address. The two ways I am considering:

1）通过服务器端代码 - 根据web.config中的IP地址列表检查客户端IP。

1) Through the server side code - check the client I.P against a list of IP addresses within the web.config.

2）通过IIS创建虚拟目录并限制此虚拟目录上的IP地址。

2) Through IIS by creating a virtual directory and restricting the I.P addresses on this virtual directory.

我的问题是，如果我去虚拟目录路由有很多用户访问这个网站，我已经阅读了在每个客户端请求期间进行的反向域查找可以非常服务器资源昂贵。这有多少危险？

My question is if I go the virtual directory route there are a lot of users that access this website and I have read reverse domain lookups made during each client request can be very expensive on server resources. How much of a risj is this?

任何其他建议/想法都非常感谢

Any other suggestions /ideas to doing this would be much appreciated

谢谢提前，

推荐答案

如果你去第二条路线（虚拟目录），除非你过滤，否则不会进行任何反向查询在域名上。如果您要通过IP地址（或地址范围）进行限制，这绝不会发挥作用。

If you go the second route (virtual directory), there will not be any reverse lookups done unless you filter on domain names. If you are restricting by IP addresses (or ranges of addresses), this never comes into play.

请参阅此MS公告：

如果你使用域名限制，
服务器必须为每个请求执行反向
DNS查找，以检查主机注册域名的
。
Microsoft建议您每当
时使用
的IP地址或网络范围。

If you use domain name restrictions, the server has to perform a reverse DNS lookup for each request to check the host's registered domain name. Microsoft recommends that you use an IP address or network range whenever you can.

这篇关于通过IP地址范围/域限制对网站的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！