Friday, May 22, 2015

Convert .htaccess deny rules to web.config

Recently I was looking for an easy way to convert a large list of spammer and hacker IP addresses from Apache .htaccess allow/deny rules into a format I could use on our IIS server. I found that there is really no good way to do this, but after some work and a bit of coding, here is a solution.

This solution will allow you to take a large list of access rules and apply them to an IIS website. Additionally, this is done in a file, so there is no need to manually add records.

Collect your List of Rules

I used the following as a general blacklist of malicious and spammer clients to block. There are other sources, or you may have your own list. Compile all the lists into one file and don't worry about duplicates; the script later on will resolve those.

Convert the Rules to Web.config Equivalents

I have created a simple JavaScript tool to convert the above lists into web.config rules. To do this, go here and enter all your rules into the first text box. Make sure you supply all rules at once so that they can be de-duped. If the list does end up having duplicates, then IIS will not start up properly.
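The conversion step described above, as an added example that is not the author's tool: it reads Apache "deny from" lines (single IPv4 addresses, CIDR ranges and partial addresses), de-duplicates them by network and mask, and collects anything it could not convert. The function names and the sample input are assumptions made for illustration.

```javascript
// Added example, not the author's tool: convert Apache "deny from" lines into
// IIS <ipSecurity> entries, de-duplicated so the same rule is never emitted twice.
const prefixMask = bits => (bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0);
const toInt = o => ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
const toDotted = n => [24, 16, 8, 0].map(s => (n >>> s) & 255).join('.');

// Returns { ip, mask } as dotted strings, or null when the token is not IPv4/CIDR.
function parseTarget(token) {
  const [addr, bits, extra] = token.split('/');
  const p = addr.replace(/\.$/, '').split('.');
  if (extra !== undefined || p.length > 4 || !p.every(x => /^\d{1,3}$/.test(x) && +x <= 255)) return null;
  if (bits !== undefined && !(/^\d{1,2}$/.test(bits) && +bits <= 32)) return null;
  // A partial address such as "10.1" is a prefix match in Apache (10.1.0.0/16).
  const mask = prefixMask(bits === undefined ? p.length * 8 : +bits);
  const o = p.map(Number);
  while (o.length < 4) o.push(0);
  // Store the network address so 198.51.100.77/24 and 198.51.100.0/24 collapse.
  return { ip: toDotted((toInt(o) & mask) >>> 0), mask: toDotted(mask) };
}

function convert(htaccess) {
  const entries = new Map(), skipped = [];
  for (const raw of htaccess.split(/\r?\n/)) {
    const line = raw.replace(/#.*/, '').trim(); // drop comments and blank lines
    const m = /^deny\s+from\s+(.+)$/i.exec(line);
    if (!m) { if (line) skipped.push(line); continue; }
    for (const token of m[1].split(/\s+/)) {
      const t = parseTarget(token);
      if (!t) { skipped.push(token); continue; }
      const maskAttr = t.mask === '255.255.255.255' ? '' : ` subnetMask="${t.mask}"`;
      // Keyed on network + mask, so a repeated rule overwrites itself.
      entries.set(`${t.ip}/${t.mask}`, `<add ipAddress="${t.ip}"${maskAttr} allowed="false" />`);
    }
  }
  return { entries: [...entries.values()], skipped };
}

// Constructed sample input using documentation address ranges.
const sample = `order allow,deny
deny from 192.0.2.10
deny from 192.0.2.10
deny from 198.51.100.77/24 203.0.113
deny from 198.51.100.0/24
deny from bad.example`;
const result = convert(sample);
console.log(`<ipSecurity>\n  ${result.entries.join('\n  ')}\n</ipSecurity>`);
console.log('Not converted:', result.skipped);
```

Hostnames, IPv6 entries and dotted-netmask forms end up in `skipped`, so they can be reviewed by hand rather than silently dropped from the blocklist.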

Ensure you have the Features Installed

Next, log on to your server and make sure that you have the Web Server > Security > IP and Domain Restrictions role installed. You may need to add it, as it's not selected by default.

Apply your new Rules

Finally, open up the web.config files for each of your main sites and add the generated text to the system.webServer/security/ipSecurity section. Save and reload the website to ensure it's working.

Example Web.config File
