If you need to block an IP, or range of IP addresses on your Windows Server 2008 or 2012 Server for security reasons you may do so by following the instructions below.  If there is an IP range of a specific country you need to block and are unsure of the IP addresses allocated to the country please visit blockacountry.com to locate it's allocated IP address.

 

Note:  Due to restrictions in our Domain Policy if you need to restrict RDP access to your server to only selected IP addresses you will need to use the instructions in our Restrict RDP Access by IP Address article.


Please take caution when blocking a large range of IP addresses as this will stop anyone in that range from accessing any sites on your server.  If a restore of your server is required to regain access an additional charge may apply.

 

Setting up the IP Policy

  1. Log into your dedicated server using Remote Desktop.
  2. Click Start > Run >type MMC press OK.
  3. In the console click File > Add/Remove Snap in.
  4. Select the IP Security Policy Managment item in the Available snap-ins list click the Add button.
  5. Leave Local Computer checked and click Finish and then OK. You should now be back to the console.
  6. If no Security Policy exists yet, in the Left frame right click IP Security Policies on Local Computer and then click Create IP Security Policy then continue to next step.  If a Security Policy does exist, right click on it in the Right pane and click Properties then continue to next section (Setting up the IP Filters)
  7. Click Next on the first page of the Wizard
  8. Name your IP Security Policy and provide a description if desired, then click Next.
  9. Check the box for the Activate the default response rule option then click Next.
  10. Leave the Active Directory default option on the Default Response Rule Authentication Methodpage selected and click Next.
  11. On the final page of the Wizard leave the Edit properties option checked and click Finish. You should now have the properties window open.


Setting up the IP Filters to ALLOW access

 

  1. Click Add then click Next to continue.
  2. Leave This rule does not specify a tunnel selected and click Next.
  3. Leave all network connections selected and click Next.
  4. You should now be on the IP filter list. You need to create a new filter, so don't select any of the default ones. Click Add.
  5. Type a Name for your list, and a Description if desired.
  6. Leave Mirrored. Match packets with the exact opposite source and destination addresses checked. Click Next.
  7. Select A specific IP Address of Subnet as the Source address, enter the IP of Subnet you want to allow (see note above for Managed.com subnets) then click Next.
  8. You can now select A Specific IP Address or Any IP Address for the Destination address.
  9. Select the Protocol Type you wish to allow access to. Click Next and then Finish.
  10. Complete the steps above for each additional IP address you want to add to the Filter.
  11. Once you have added all the required IP Addresses to the list click OK.
  12. Select the list you have just created from the IP Filter List and click Next.
  13. In the Filter Action box click Add to create a new Action for the List you've selected.
  14. Click Next on the first page of the Filter Action Wizard
  15. Give your action a name such as AllowConnection and click Next.
  16. Select the Permit radio button and click Next.
  17. Click Finish.
  18. Select the Filter Action you've just created and click Next then Finish.
  19. Click OK to close the RDP Policy Properties box.

Once you have added the filter to ALLOW access, follow the steps block unwanted access to the server or particular protocols.



Setting up the IP Filters to BLOCK access

 

Using Any IP Address as the IP Traffic Source will block access from all sources and is not recommended unless blocking access to a single protocol such as RDP, you will first need to complete the steps above to allow access to the Managed.com subnet, and any other IP addresses you wish to allow access to your server.

  1. Click Add then click Next to continue.
  2. Leave This rule does not specify a tunnel selected and click Next.
  3. Leave all network connections selected and click Next.
  4. You should now be on the IP filter list. You need to create a new filter, so don't select any of the default ones. ClickAdd.
  5. Type a Name for your list, and a Description if desired.
  6. Click Add... then click Next to continue.
  7. In the description box type a description.
  8. Leave Mirrored. Match packets with the exact opposite source and destination addresseschecked. Click Next.
  9. Select the Source of the traffic you with to block then click Next. 
  10. You can now select A Specific IP Address or Any IP Address for the Destination address.
  11. If you have selected A specific IP Address, type in the IP Address you want to block. Click Next.
  12. Select the Protocol Type you wish to block, or select Any if you want to block access to all protocols. Next and then Finish.
  13. Complete the steps above for each additional IP address you want to add to the Filter list, or if you have blocked all IP addresses continue to the next step.
  14. Once you have added all the required IP Addresses to the list click OK.
  15. Select the list you have just created from the IP Filter List and click Next.
  16. In the Filter Action box select the BlockConnection option and click Next.
  17. Click Finish.
  18. Click OK to close the RDP Policy Properties box.
  19. Once you're back in the Console/IP Security Policies screen, right click on the Policy you have just created and select Assign. This step will not be necessary if you are using an existing Policy.