Using request filters in DotNetNuke to restrict website access

Have you ever had the need to blog a range of IP Addresses from accessing your website? Or perhaps, setup a website that is only accessible to a specific range of IP Addresses? DotNetNuke Request Filters are a great tool for getting such functionality configured, all configurable within your browser, without needing access to the settings in IIS.

Before configuring the request filters, I’ll throw out an example of why you might do this. If your website has a forum, or other community type interface, you have likely experienced spammers trying to take advantage of these features. Sometimes these spammers come from a specific IP Address, or even a specific range of ip addresses. If that is the case, you may want to turn off your website for those IP Addresses.

A word of warning, the instructions below are very powerful, if you aren’t careful, you could bring your website down. Read through the instructions before attempting to configure your website’s request filters.

Configuring your DotNetNuke website to be accessible from one IP Address

Here are the steps to configure request filtering for an IP Address, essentially making the website ONLY accessible to a person browsing from a computer using the defined IP address. All other addresses will redirect to DotNetNuke.com. (these instructions assume you are running on DotNetNuke 6+

  1. Login to your website with a Super User account (typically HOST).
  2. Navigate to the Host/Host Settings page.
  3. From there click on the Other Settings tab
  4. Check the Enable Request Filters checkbox
    image
  5. Click on Add New Rule
    image
  6. First we will configure the site to only be accessible from a specific IP Address (67.188.123.23). These settings configure all requests not from 67.188.123.23 to redirect to DotNetNuke.com
    image
  7. To SAVE your new rule, click on the disk icon to the left of the Server Variable field.
  8. If you access the site from the IP Address defined above, the site would function as normal.
  9. If you access the site from a different IP Address than the one defined above, you would be redirected to DotNetNuke.com

Configuring your DotNetNuke website to NOT be accessible from a range of IP Addresses

  1. Login to your website with a Super User account (typically HOST).
  2. Navigate to the Host/Host Settings page.
  3. From there click on the Other Settings tab
  4. Check the Enable Request Filters checkbox
    image
  5. Click on Add New Rule
    image
  6. First we will configure the site to NOT be accessible from a specific IP Address range (67.188.1.1-254). These settings configure all requests from this range to redirect to DotNetNuke.com, all other requests would access the site as normal.
    image
  7. To SAVE your new rule, click on the disk icon to the left of the Server Variable field.
  8. If you access the site from the IP Address in the range defined above, the site would redirect.
  9. If you access the site from a different IP Address than the range defined above, the site would function as normal.

If you are having trouble generating the proper regular expression for a Range of IP Addresses you can check out this page on Google Answers.

If you happen to screw up a rule, and make your site inaccessible, if you can access the file system (either via the server, or FTP) you can find the rules defined in the dotnetnuke.config file in the root of your website.

Be careful if you play around with request filters! They can be very powerful tools.

2 Comments

  • I wonder if that is of any help when upgrading DNN to essentially put a site offline while doing an upgrade. Question is, when does the request filter fire? Before the upgrade routine is triggered?

  • Philip, I would still go with the App_Offline.htm file, and maybe a customized install/underconstruction.html file instead of trying to filter upgrades for a specific IP address. I don't know when in the process everything fires.

Comments have been disabled for this content.