Deny access from internet to DirectSmile Integration Server settings

The DirectSmile Integration Server front end is using https and Forms authentication to authenticate and authorize DSMI accounts. That is a common way to ensure security and to allow access to specific users.

On top of that you can add extra security to restrict access to specific parts in DSMI.

Using IP Address Domain Restrictions in IIS 7/8

To restrict the access to the server settings from the internet for instance, you can add the IIS feature called IP Address Domain Restrictions.

image

This feature enables client IP based  restrictions for a whole web site or a specific sub folder of an IIS applications. For the server settings example, this means that you want to add a restriction just for the ServerSettings subfolder.

 image

Setting up such a restriction is easy, all you need to deny the access from unspecified clients in the feature settings.

image

Now we are denying every request, what is secure. Now we add an exception to allow requests from the local hostm only.

image

Clients trying to access the DSMI server settings, will now recieve a 403:

image

While the server settings are still accessible from the local machine.

Advertisements