I would like to set ip restriction to the /admin folder on my website with PowerShell.
I do understand, that because this section is locked I have to go to applicationHost.config, and unless I unlock I can not use local web.config in that particular folder. I also figured out how can I add an IP restriction rule using appcmd.exe.
Because of allowUnlisted is true (Allow) by default, I also have to set it false, which I can not accomplish, because when I use the following command I got error:
$location = "My Site/admin"
appcmd.exe set config $location -section:system.webServer/security/ipSecurity /allowUnlisted:false
ERROR ( message:Can not set attribute "allowUnlisted" to value "false".. Reason: This configuration section cannot be used at this path. This happens when the section is locked at a parent level.
I also discovered that there is appcmd lock/unlock facility, but those commands does not allow a specific location. I do not want to change anything expect my $locations behavior, and do this in applicationHost.config.
Which is completely possible using the GUI, in IIS Manager using the IP Restrictions on my particuar admin folder in Edit feature I can set it to Deny, and that adds to the end of applicationHost.config the following lines (no other changes):
<location path="My Site/admin">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="127.0.0.1" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
</location>
Question
How can I do this change in applicationHost.config with CLI way?
I don't know much about using appcmd.exe. However, if you want to use the powerShell WebAdministration module, then you can use the following:
$location = "My Site/Admin"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location $location -filter "system.webServer/security/ipSecurity" -name "allowUnlisted" -value "False"