Restricting access to a website by IP address range / domain

Question

Hi,

I would like advice on the best way to restrict access to a weba pplication (using .net 2.0 and II6) based on the clients IP address. The two ways I am considering:

1) Through the server side code - check the client I.P against a list of IP addresses within the web.config.

2) Through IIS by creating a virtual directory and restricting the I.P addresses on this virtual directory.

My question is if I go the virtual directory route there are a lot of users that access this website and I have read reverse domain lookups made during each client request can be very expensive on server resources. How much of a risj is this?

Any other suggestions /ideas to doing this would be much appreciated

Thanks advance,

Answer 1

If you go the second route (virtual directory), there will not be any reverse lookups done unless you filter on domain names. If you are restricting by IP addresses (or ranges of addresses), this never comes into play.

See the bit at the bottom of this MS bulletin:

If you use domain name restrictions, the server has to perform a reverse DNS lookup for each request to check the host's registered domain name. Microsoft recommends that you use an IP address or network range whenever you can.