Before I get started, I will agree that IP-based security is not the best method for security and denying/allowing access on a network, but given my situation, the scope of my project, and the time I have to complete it, it is the quickest method I can implement now, and update later with something else... That being said...
I was looking into using the IP security control, which can be added to IIS (at least on a Windows Server, not sure about a desktop PC running IIS).
Anyway, I want to check something about setting up the allow/deny permissions.
In the Microsoft help, it says for allowing an IP range, you set the lowest IP address in the range. Then, you would create a Deny permission and set the lowest IP address in the range that needs to be denied. If I'm understanding this correctly, so all IP addresses from the lowest one set in the Allow permission setting, all the way up to the IP address set in the Deny permission would be allowed to access the site. IP addresses beyond that of the one specified for the Deny permission would be denied access. Is this the correct want to interpret this? I was hoping that the configuration of allow and deny would be easier, like saying "Allow 192.168.1.1 - 192.168.1.199" and then "Deny 192.168.1.200 - 192.168.255.255".
Can anyone explain how the configuration of Allow/Deny permissions works in IIS's IP based security? Baiscally, I want to allow all PCs that are in our DHCP scope of our local network to have access to the ASP.NET site, and anyone else outside that range, to be denied access, including our firewall (as we don't want access from the outside), as well as other servers and printers (which have static IPs and are NOT part of the DHCP lease pool anyway).