14 DAY TRIAL // Microsoft has made available for download the second Beta development milestone of an anti-DoS extension for version 7.0 of Internet information Services. The Microsoft Dynamic IP Restrictions for IIS 7.0 has reached Beta 2 and is up for grabs via the Microsoft Download Center in two flavors, 32-bit (x86) and 64-bit (x64).
IT professionals and administrators working for hosting companies can leverage the Dynamic IP Restrictions Extension for IIS in order to both mitigate and block Denial of Service Attacks.
The module is completely configurable and integrates seamlessly with IIS 7.0 Manager, and can help fend off not just DoS attacks but also password cracking attempts involving Brute-force.
The extension will effectively block Internet Protocol (IP) addresses of HTTP clients that are associated with certain patterns, normally conducive of attack attempts.
According to Microsoft’s Nazim Lala, the Redmond company introduced a range of changes in Dynamic IP Restrictions for IIS 7.0 Beta2.
Modifications impacted a variety of areas, including splitting dynamic and static IP restrictions; negligible runtime performance impact; removal of RSCA interface; proxy mode and server and site level configuration.
For the Beta 2, the software giant has separated static and dynamic IP restrictions per their own module and configuration space. Nazim promised that this detail will not be altered in the RTW build.
“You will need to uninstall the Beta version of Dynamic IP restriction before you can install Beta 2. Make sure to backup configuration before doing this,” Nazim stated.
“Since static IP restrictions module was uninstalled during the installation of dynamic IP restrictions Beta, you will now have to re-install (re-enable) static IP restrictions module (IP and Domain Restrictions).”
The Redmond company focused on improving the runtime performance of the module as much as possible. The code behind the extension has been rewritten and the impact on speed reduced almost to zero.
“We feel that every web server should have this feature installed and enabled and this way we ensure that the dynamic IP restrictions module will have no performance impact on your server,” Nazim explained.
Following the feedback received from testers in relation to the initial Beta of the Dynamic IP Restrictions for IIS 7.0, Microsoft improved the logs associated with the RSCA interface.
“We now have a configuration option that will enable the module to use the first IP address in the X-Forwarded-For request header as the client IP address. This header is used as the de-facto mechanism of reporting originating IP address,” Nazim said.
As of Beta 2, Microsoft is only allowing the Dynamic IP Restrictions for IIS 7.0 module to be configured at server and site level only. This detail helps boost performance, the company underlines. Microsoft Dynamic IP Restrictions for IIS 7.0 - Beta2 is available for download here.