Dynamic IP Restrictions Extension beta from Microsoft to Fight DoS Attacks
By Angsuman Chakraborty, Gaea News NetworkThursday, February 19, 2009
Database Administrators and Web developers know how horrific are SQL injections and DoS attacks. Microsoft has come in to respite this time. They are to provide a tool to fight Denial of Service (DoS) attacks that adds an extra layer of defense. The Dynamic IP Restrictions Extension beta integrates seamlessly into Internet Information Services (IIS) 7.0.
How is it Gonna Work
Its is very useful for the web- admins who want to nip brute-force technology and DoS attacks on their server on the bud. It will temporarily block IP addresses of HTTP clients who follow a malicious pattern and that will be done in a web server or website level. It is thoroughly customizable and as you can see for now, you can deny IP addresses based on concurrent requests made, over a period of time, action type etc.
Features
According to arstechnica, Microsoft notes 6 features as of now.
- Blocking of IP addresses based on number of concurrent requests - If an HTTP client makes many concurrent requests then that client’s IP address gets temporarily blocked.
- Blocking of IP addresses based on number of requests over a period of time - If an HTTP client makes many requests over short period of time then that client’s IP address gets temporarily blocked.
- Various deny actions - It is possible to specify what response to return to an HTTP client whose IP address is blocked. The module can return status codes 403 and 404 or just drop the HTTP connection and not return any response.
- Logging of dynamically denied requests - All denied requests can be logged into a W3C formatted log file.
- Displaying currently blocked IP addresses - A list of currently blocked IP addresses can be obtained by using IIS Manager or by using IIS RSCA AP
Download
The beta is available in 32-bit (655 KB) and 64-bit (739 KB).