0

I'm trying to figure out how to block by range on MS IIS 10, but all I can find are partial range blocks (which maybe that's all IIS can do, but I'd like to know that rather than just guess that).

So, for example, the range 10.6.64.0 through 10.150.161.255 is owned by Example Incorporated and hosts malicious scripts and has yet to do anything with the abuse reports I've sent. There is no legitimate case for traffic from that IP range to ever come to the server, so I can safely block it.

If that read 10.6.0.0 to 10.6.255.255 I could just block it with "10.6.0.0" for the range and "255.255.0.0" for the mask, but it's not so cleanly bounded and I'm finding they usually aren't cleanly bounded.

Is there a way to block the whole range in one (or a few) entry, or am I stuck blocking 10.6.64.0 through 10.6.255.0, then 10.7.0.0 through 10.149.0.0 and then 10.150.1.0 through 10.150.161.0 all separately?

Improve this question
3
  • 1
    That doesn't look like it's owned by Amazon to me? Are you limited to prefix masks only (no start-end ranges)?
    – grawity
    Commented May 9, 2023 at 17:23
  • You are correct. I apologize. That example happened to pull back 2 results, 1 for Amazon and the other for the country code range and I accidentally put the country code range in my post instead of the Amazon range. I'm asking for the general case, though, not Amazon specifically. They just happened to be the latest example.
    – Merennulli
    Commented May 9, 2023 at 17:38
  • @user1686 To your second question - the only blanks I have are "IP address range" and "mask or prefix". Every example I've ever found for range uses something like "10.6.0.0" for the range. If there's something else I can be entering there, I'd love to know it.
    – Merennulli
    Commented May 9, 2023 at 17:50

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .