Hey everyone
I have had many customers contacting me because others in the community, or ex-technical staff of their hotels, were flooding IIS directly as they knew the server's IP address. This may help people who are using providers that will not provide support on such issues or may charge a fee to change an IP address.
This will work on any version of IIS
Firstly you need to download IP Address and Domain Restrictions. This can be done via the Microsoft website or using Web Platform Installer; in this tutorial I will use Web Platform Installer.
Depending on your server provider's DDoS protection, by using this method you may not need a TCP proxy.
You need to choose this option
Once this has installed, return to IIS main page and select the IP address and Domain Restrictions icon
Once you have opened this tab, right click and choose Add Allow Entry
Now you can begin to add IP addresses to the allowed list. As this tutorial is showing you how to allow CloudFlare IP addresses only, I will show you how to add these ranges; the same method applies to both IPv4 and IPv6.
You can find the latest IP ranges list here on the CloudFlare website
https://www.cloudflare.com/ips/
You add the IP address, and the number after the slash into the Mask or Prefix box. Do this for each range from the CloudFlare website.
Next you need to Configure IIS to enforce the allowed list
You need to select the Edit Feature Settings option on the right side of the IP and Domain Restrictions window you have open
You need to now set the Access for unspecified clients to Deny
You need to set the Deny action type to Abort, or the connections will still be allowed to make an attempted connection, making this useless.
If you need to still access your server locally add 127.0.0.1 to the allowed list and visit http://127.0.0.1 instead of http://localhost
This will not stop all DDoS attacks, but it can help prevent direct IIS flooding and possibly remove the need for a TCP proxy too.
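For anyone who would rather script the steps above than click through them, here is an added Python helper (not part of the original post) that writes the equivalent `<ipSecurity>` web.config fragment and lets you confirm an address is on the list before you switch unspecified clients to Deny. The ranges are constructed documentation-space placeholders, not CloudFlare's real list, and the IPv6 entries assume IIS stores the prefix length in the subnet mask attribute, as the "Mask or Prefix" box suggests.

```python
# Added example: build the IIS <ipSecurity> fragment the tutorial configures
# by hand, and check client IPs against the resulting allowlist.
import ipaddress
from xml.sax.saxutils import quoteattr

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace them with the current list from https://www.cloudflare.com/ips/
# and keep 127.0.0.1 so local access keeps working, as the tutorial says.
ALLOWED_RANGES = ["203.0.113.0/24", "2001:db8::/32", "127.0.0.1/32"]


def subnet_mask(network):
    """IPv4 entries get a dotted mask; IPv6 entries get the prefix length
    (assumption about how the 'Mask or Prefix' box is stored)."""
    if network.version == 4:
        return str(network.netmask)
    return str(network.prefixlen)


def build_ip_security(ranges):
    """Return the fragment for system.webServer/security/ipSecurity:
    unlisted clients denied, deny action AbortRequest (the 'Abort' choice)."""
    lines = ['<ipSecurity allowUnlisted="false" denyAction="AbortRequest">']
    for cidr in ranges:
        net = ipaddress.ip_network(cidr, strict=True)
        lines.append(
            '  <add ipAddress=%s subnetMask=%s allowed="true" />'
            % (quoteattr(str(net.network_address)), quoteattr(subnet_mask(net)))
        )
    lines.append("</ipSecurity>")
    return "\n".join(lines)


def is_allowed(client_ip, ranges):
    """Mirror the allowlist decision so you can verify that an address
    (your own, or a proxy's) is listed before enforcing the deny rule."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


if __name__ == "__main__":
    print(build_ip_security(ALLOWED_RANGES))
    print(is_allowed("203.0.113.7", ALLOWED_RANGES))   # True: listed range
    print(is_allowed("198.51.100.9", ALLOWED_RANGES))  # False: would be aborted
```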
Thanks man! I had support on devbest, I used this tutorial!
Really thanks for this tut!
For anyone who would be running off alternative options such as Nginx, Apache, or other web servers - you can also find a "whitelist" type plugin/firewall and use the same concept. It's generally easier to whitelist rather than blacklist in these instances, as it will help to prevent unauthorized access, and doing so can throw off people as it would appear they have the wrong IP address.
Good tutorial @NOC - the implementation of small things such as this whitelist is one of many crucial components to successfully setting up a secure virtual server. I think people, especially new people to virtual hosting, have no idea that there's more to it than just purchasing a VPS and away you go.
I am always ready to give advice from my own experiences. I remember buying my first server in my very early teens, which is 17+ years ago now, and thought it was a simple thing: buy a VPS, set up the web server and SQL, and away I go. But I learnt a lot over the years and found security is even more important these days, with the amount of people ready to attack a website for no real reason other than to get their rocks off over copying and pasting an IP address and clicking the big red button.