IIS -IP Address and Domain Restrictions for LoadBalanced app using Netscaler

505 views Asked by At

I have a Web App load balanced using Citrix NetScaler between 2 Win Server 2016 servers, IIS 10. As per our business use case, we need to block certain IPs, IP ranges at IIS level. But since it is through netscaler, we are unable to block IPs using IIS > Website > IP Address and Domain Restrictions > Deny Entry. We have done client ip passthrough on Netscaler request headers. But somehow , it is NOT picking on the iis - IP Addess Restrictions to block particular IPs. Please help me here, what will be the reason for this and how to fix this using IIS Configurations, without changing application code . Thanks in advance.

Note : I tried adding "Deny entry" for the IP of my mobile on IIS, but IIS is not picking it.

1

There are 1 answers

0
KaiT On

1: You have to configure the netscaler to name the client ip header x-forwarded-for , this is not the default header name used by netscaler.

2: Further in iis you need to enable "enableProxyMode" in the ip security settings, so that iis will start using http headers for client ip blocking.