[TUT] Prevent Direct IP IIS Flood using CloudFlare

Results 1 to 4 of 4
  1. #1
    xHosts G0D NOC is offline
    Gold SubscriberRank
    Sep 2011 Join Date
    Liverpool, UKLocation
    832Posts

    [TUT] Prevent Direct IP IIS Flood using CloudFlare

    [TUT] Prevent Direct IP IIS Flood using CloudFlare
    Hey everyone

    I have had many customers contacting me because of others in the community or ex technical staff on their hotels flooding the IIS directly as they had knowledge of the servers IP address. This may help people that are using providers who will not provide support on such issues or may charge a fee to change an IP address.

    This will work on any version of IIS

    Firstly you need to download IP Address and Domain Restrictions this can be done via the Microsoft website or using web platform installer, in this tutorial I will use web platform installer

    Depending on your server providers DDOS protection by using this method you may not need a TCP proxy




    You need to choose this option



    Once this has installed, return to IIS main page and select the IP address and Domain Restrictions icon




    Once you have opened this tab, right click and choose Add Allow Entry



    Now you can begin to add IP addresses to the allowed list, as this tutorial is showing you how to allow CloudFlare IP addresses only I will show you how to add these ranges, thew same method applies to both IPv4 and IPv6

    You can find the latest IP ranges list here on the CloudFlare website

    https://www.cloudflare.com/ips/

    You add the IP address and the number after the slash into the Mask or Prefix box, you do this for each range from the CloudFlare website



    Next you need to Configure IIS to enforce the allowed list




    You need to select the Edit Feature Settings option on the right side of the IP and Domain Restrictions window you have open




    You need to now set the Access for unspecified clients to Deny



    You need to set the Deny action type to Abort or the connections will still be allowed to make an attempted connection making this useless

    If you need to still access your server locally add 127.0.0.1 to the allowed list and visit http://127.0.0.1 instead of http://localhost

    This will not stop all DDOS attacks but can help prevent direct IIS flooding and possibly remove the need for a TCP proxy too.


  2. #2
    Member sunnie is offline
    MemberRank
    Mar 2011 Join Date
    75Posts

    Re: [TUT] Prevent Direct IP IIS Flood using CloudFlare

    Thanks man! I had a support on devbest, i used this tutorial!
    Really thanks for this tut!

  3. #3
    Yeah nah, nah yeah Liam is offline
    GammaRank
    Dec 2011 Join Date
    Down underLocation
    2,937Posts

    Re: [TUT] Prevent Direct IP IIS Flood using CloudFlare

    For anyone who would be running off alternative options such as Nginx, Apache, or other webservers - you can also find a "Whitelist" type plugin/firewall and use the same concept. It's generally easier to whitelist rather than blacklist in these instances, as it will help to prevent unauthorized access and doing so can throw-off people as it would appear they have the wrong IP address.

    Good tutorial @NOC - the implementation of small things such as this whitelist is one of many crucial components to successfully setting up a secure virtual server. I think people, especially new people to virtual hosting, have no idea that there's more to it than just purchasing a VPS and away you go.
    ): /sadface
    "i want 2 dollar"


  4. #4
    xHosts G0D NOC is offline
    Gold SubscriberRank
    Sep 2011 Join Date
    Liverpool, UKLocation
    832Posts

    Re: [TUT] Prevent Direct IP IIS Flood using CloudFlare

    Quote Originally Posted by Liam View Post
    For anyone who would be running off alternative options such as Nginx, Apache, or other webservers - you can also find a "Whitelist" type plugin/firewall and use the same concept. It's generally easier to whitelist rather than blacklist in these instances, as it will help to prevent unauthorized access and doing so can throw-off people as it would appear they have the wrong IP address.

    Good tutorial @NOC - the implementation of small things such as this whitelist is one of many crucial components to successfully setting up a secure virtual server. I think people, especially new people to virtual hosting, have no idea that there's more to it than just purchasing a VPS and away you go.
    I am always ready to give advice from my own experiences, I remember buying my first server in very early teens which is 17 + years ago now and thought it was simple thing, buy VPS, setup web server, sql and away I go but learnt a lot over the years and found security is even more important these days with the amount of people ready to attack a website for no real reason other than to get their rocks off over copy and pasting a IP address and clicking the big red button.



Advertisement