Can someone tell me how to stop logging localhost or particular IP addresses
in IIS 5.1? Also, anyway way to block IP addresses with IIS 5.1 short of the
Windows Firewall or a hardware firewall? Thx!

[ Post a follow-up to this message ]

Hi,

IIS 5.1 (Windows XP IIS) does not allow you to filter by IP address. You get
these options in server version of the IIS (.e.g Windows Server 2003). One
option as suggested would be to use built in firewall or IP policies which
are available in the operating system.

As far as I know there is no way to filter out which IP addresses get logged
and which not. But since logs are e.g. comma delimited it should not be a
problem to folder them out with tools like Excel or Access or ...

--
Mike
Microsoft MVP - Windows Security


"Jeff" <topnikko@hotmail.com.discuss> wrote in message
news:OLZZHkt6FHA.1944@TK2MSFTNGP14.phx.gbl...
> Can someone tell me how to stop logging localhost or particular IP
> addresses in IIS 5.1? Also, anyway way to block IP addresses with IIS 5.1
> short of the Windows Firewall or a hardware firewall? Thx!
>

[ Post a follow-up to this message ]

Filtering IP addresses via a firewall, or IPSec, is I believe the best way
to do so.  I feel firewall is preferable, because IPSec does not adequately
do logging.  But the choice is yours.

http://securityadmin.info/faq.asp#ipsec


"Jeff" <topnikko@hotmail.com.discuss> wrote in message
news:OLZZHkt6FHA.1944@TK2MSFTNGP14.phx.gbl...
> Can someone tell me how to stop logging localhost or particular IP
> addresses in IIS 5.1? Also, anyway way to block IP addresses with IIS 5.1
> short of the Windows Firewall or a hardware firewall? Thx!
>

[ Post a follow-up to this message ]

IIS logging is controlled by URL, not IP Address. So, if you make a request
to a URL on the server, IIS will log it, unless you configure IIS to not log
access to that URL, period.

In general, IIS does not offer any conditional "filtering" operations on the
log file. Presumably, you want IIS to first log everything (or subset of
columns), selected by URL namespace, and then you run tools like LogParser
on the log to filter/extract the subset, import it into SQL for further
analysis, etc.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jeff" <topnikko@hotmail.com.discuss> wrote in message
news:OLZZHkt6FHA.1944@TK2MSFTNGP14.phx.gbl...
Can someone tell me how to stop logging localhost or particular IP addresses
in IIS 5.1? Also, anyway way to block IP addresses with IIS 5.1 short of the
Windows Firewall or a hardware firewall? Thx!

[ Post a follow-up to this message ]

It is possible however to set up a second virtual web server folder/instance
within your IIS that shares up the same files, and disable logging on that
web server.  You can bind that web server to 127.0.0.1 if you ensure the
first web server is not bound to that IP or to "all IP addresses."  This
should remove local accesses from your web log.


"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:u%23ns4MM7FHA.3136@TK2MSFTNGP09.phx.gbl...
> IIS logging is controlled by URL, not IP Address. So, if you make a
> request
> to a URL on the server, IIS will log it, unless you configure IIS to not
> log
> access to that URL, period.
>
> In general, IIS does not offer any conditional "filtering" operations on
> the
> log file. Presumably, you want IIS to first log everything (or subset of
> columns), selected by URL namespace, and then you run tools like LogParser
> on the log to filter/extract the subset, import it into SQL for further
> analysis, etc.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Jeff" <topnikko@hotmail.com.discuss> wrote in message
> news:OLZZHkt6FHA.1944@TK2MSFTNGP14.phx.gbl...
> Can someone tell me how to stop logging localhost or particular IP
> addresses
> in IIS 5.1? Also, anyway way to block IP addresses with IIS 5.1 short of
> the
> Windows Firewall or a hardware firewall? Thx!
>
>
>

[ Post a follow-up to this message ]