Problem solve Get help with specific problems with your technologies, process and projects.

Is it possible to password protect a Web server remotely?

We have a Windows 2000 Server running IIS 5 on a university campus. I would like to know if it is possible to password protect the Web server if accessed from outside the campus. Also, can we allow 'no password' access from within the campus? We achieved this with our Linux Web server which runs Apache, but we still need a Windows Web server as well.

This is a bit tricky, but I think it will work. First, configure your IIS server with two IP addresses: one for the internal Web site, and one for the external Web site.

Second, modify the Web server's record on your internal DNS server so that it resolves to the Web site's internal IP address. The Web server's public DNS record should still resolve to the Web site's external IP address.

Third, create a second Web site within IIS and configure it exactly the same as the current Web site except for one key difference: it listens for requests on the external IP address only. To modify this setting, launch Internet Services Manager, view the external Web site's properties, and then click the Web Site tab. Click the Advanced button, click the Add button, and specify the external IP address. Click OK to return to the Web Site Properties dialog, and then click the Directory Security tab. Click the Edit button in the "Anonymous Access And Authentication Control" grouping, and clear the Anonymous Access checkbox. Now you have one Web site that requires authentication.

Finally, view the properties of the original (now the internal) Web site. Click the Directory Security tab, and then click the Edit button in the "IP Address And Domain Name Restrictions" grouping. Select the Denied Access radio button. Then, click the Add button. On the Deny Access On dialog, select Group Of Computers, and specify the Network ID and Subnet Mask of a subnet on your campus that you do not want to require authentication for. Repeat this process until every network address has been added.

That should do it. Good luck. If you have development skills, you could create an ISAPI filter or an ASP.NET application to handle this, but I prefer solutions that don't involve writing code.

Dig Deeper on Microsoft Hyper-V management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.