locked
Can Anonymous Access be set to specific IP Address? RRS feed

  • Question

  • Hey SharePoint Fam,

    Have a new request and was wondering if it's even possible.  I thought Anonymous Access can only be set at 3 levels (WebApp, Site, List) levels but wanted to see if it's possible to actually assign Anonymous Access to ip range somehow as well on the backend so that users within specific ip range gain anonymous read only access.

    Thanks N Advance

    Sunday, July 19, 2020 4:23 PM

Answers

  • Hi,

    As Trevor suggests, since it is not possible to configure IP specific Anonymous Access via SharePoint, consider seeking help with third-party tools.

    Here is a relative document from F5 BIG-IP for your reference:

    Deploying the BIG-IP System with Microsoft SharePoint.

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    ---

    This “SharePoint 2013 - Setup, Upgrade, Administration and Operations” Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best regards,

    Chelsea Wu


    "SharePoint" forums will be migrating to a new home on Microsoft Q&A !
    We invite you to post new questions in the "SharePoint" forums' new home on Microsoft Q&A !

    • Marked as answer by 41global Thursday, July 23, 2020 5:49 PM
    Monday, July 20, 2020 6:59 AM
  • Hello,

    Yes you can restrict access via IIS but you are better off doing it at the firewall before the unwanted traffic even enter the network. It's better to reject it at the gateway than with IIS. Any decent firewall, Sonicwall, Fortinet, PFSense,e tc. can easily do the job.

    If you want to filter IP traffic in IIS, it's in IIS Manager, expand SERVERNAME > Sites > click on a required website > double-click IP Address and Domain Restrictions (under IIS group).

    Click Add Allow Entry... (on the right pane) to add an IP address or IP address range which will be allowed to access the website.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    • Marked as answer by 41global Thursday, July 23, 2020 5:49 PM
    Monday, July 20, 2020 5:00 PM

All replies

  • It can't be done on the SharePoint side. You'd need an intermediary, perhaps a reverse proxy or firewall appliance (i.e. F5 BigIP).

    Trevor Seward

    Office Apps and Services MVP



    Author, Deploying SharePoint 2019

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Sunday, July 19, 2020 5:18 PM
  • Hello 41Global,

    I am guessing you want to make your site available to a select group of people only. This can be accomplished if you have a router with a packet filter firewall. Just create an allow list of IPs and let them through to the SP server. Everybody else will not be able to see the site.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     


    • Edited by Miguel Fra Sunday, July 19, 2020 5:19 PM
    Sunday, July 19, 2020 5:18 PM
  • Hi,

    As Trevor suggests, since it is not possible to configure IP specific Anonymous Access via SharePoint, consider seeking help with third-party tools.

    Here is a relative document from F5 BIG-IP for your reference:

    Deploying the BIG-IP System with Microsoft SharePoint.

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    ---

    This “SharePoint 2013 - Setup, Upgrade, Administration and Operations” Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best regards,

    Chelsea Wu


    "SharePoint" forums will be migrating to a new home on Microsoft Q&A !
    We invite you to post new questions in the "SharePoint" forums' new home on Microsoft Q&A !

    • Marked as answer by 41global Thursday, July 23, 2020 5:49 PM
    Monday, July 20, 2020 6:59 AM
  • Thanks a bunch for response!

    Would either of the following be possible:

    Restrict SharePoint server IIS to allow access from specific IP range

    or

    Could I somehow bind/connect a secondary outside AD connection for authentication?

    Thanks N Advance 

    Monday, July 20, 2020 2:45 PM
  • Thanks a bunch for response!

    Would either of the following be possible:

    Restrict SharePoint server IIS to allow access from specific IP range

    or

    Could I somehow bind/connect a secondary outside AD connection for authentication?

    Thanks N Advance 

    Monday, July 20, 2020 2:46 PM
  • Hello,

    Yes you can restrict access via IIS but you are better off doing it at the firewall before the unwanted traffic even enter the network. It's better to reject it at the gateway than with IIS. Any decent firewall, Sonicwall, Fortinet, PFSense,e tc. can easily do the job.

    If you want to filter IP traffic in IIS, it's in IIS Manager, expand SERVERNAME > Sites > click on a required website > double-click IP Address and Domain Restrictions (under IIS group).

    Click Add Allow Entry... (on the right pane) to add an IP address or IP address range which will be allowed to access the website.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    • Marked as answer by 41global Thursday, July 23, 2020 5:49 PM
    Monday, July 20, 2020 5:00 PM
  • Hi,

    If you find any reply helpful to you, please remember to mark it as answer. 

    It will do great help to those who meet the similar question in this forum.

    Thank you for your understanding.

    Best regards,

    Chelsea Wu


    "SharePoint" forums will be migrating to a new home on Microsoft Q&A !
    We invite you to post new questions in the "SharePoint" forums' new home on Microsoft Q&A !

    Wednesday, July 22, 2020 1:18 AM