How To Disable ip Access on windows Server

There are many methods to prohibit ip access. The most common method is to use strong fire prevention. The firewall of the data center can directly prohibit access from the specified IP address. We can also use the IP Security policy function to prohibit access, you can also use a WEB server to disable it.

Below is the method

Control Panel-Administrative Tools-Local Security Policy or command gpedit. msc

Select create IP Security Policy

Click Next

We just want to prohibit him from talking to him, so deselect the check box.

Click Finish directly. The check box is the default one.

Pay attention to the "add wizard" in the lower right corner. If this option is selected, cancel it and click "add"

Select the created prohibit ip address to edit (@ add ip address)

Deselect the "add wizard" check box and click "add ".

Do not write back the address and target, and seal yourself

// Switch to the "protocol" Panel

Here I select tcp to port 80. Press OK to go back to the upper-layer interface, continue to OK, and return to the new rule attribute panel.

Select the filter Operation Panel

Here, the blocking is previously added. The operation procedure is: deselect the "add wizard" Check Point to add

In general, it is OK to rename it as blocking.

All the way back

Be sure to disable the check box before the ip address.

OK. The policy is completed.

Finally, you need to assign a policy.

At this point, the user with the ip address 116.164.68.6 shown just now cannot access the server.

Add multiple ip addresses from (@ add ip addresses)

You can also use nginx to disable WEB access through IP addresses.

The default virtual host of nginx takes effect when the user accesses it through an IP address or through an unspecified domain name (for example, someone points his own domain name to your ip address ).

The most important thing is to add this line in the server settings:
Listen 80 default;
The following default parameter indicates that this is the default virtual host.

This setting is very useful.
For example, if you want to disable the display of any valid content when someone accesses your website through an ip address or an unknown domain name, you can return 500 to someone else.
At present, many data centers in China require the website owner to disable the empty Host header to prevent troubles caused by domain names not filed. You can set it as follows:

The Code is as follows:	Copy code
Server { Listen 80 default; Return 500; }

You can also collect the traffic and import it to your website. You only need to perform the following redirect settings:

The Code is as follows:	Copy code
Server { Listen 80 default; Rewrite ^ (. *) http://www.mydomain.com permanent; }

====================================

According to the above settings, the server cannot be accessed through an IP address. However, when server_name is followed by multiple domain names, one of them cannot be accessed:

The settings are as follows:

The Code is as follows:	Copy code
Server { Listen 80; Server_name www.abc.com abc.com

Before modification, the server can be accessed through www.abc.com abc.com in server_name. After adding the settings to prohibit IP Access, the server cannot be accessed through abc.com, and www.abc.com can be accessed.

If you use nginx-t to check the configuration file, the following prompt is displayed:

[Warn]: conflicting server name "abc.com" on 0.0.0.0: 80, ignored
The configuration file/usr/local/webserver/nginx/conf/nginx. conf syntax is OK
Configuration file/usr/local/webserver/nginx/conf/nginx. conf test is successful

Finally, the solution is solved by adding server_name _; after listen 80 default;. The format is as follows:

The Code is as follows:	Copy code
# Prohibit IP Access Server { Listen 80 default; Server_name _; Return 500; }

In this way, you can access the server through abc.com and solve the problem.