This article explains why, after an IP security policy is set on Windows Server 2008 R2, opening websites from the server is very slow or external websites cannot be reached.
After an IP security policy is set on Windows Server 2008 R2, opening a website from the server is very slow, with speeds of only a few KB.
The cause is that the block rule in the IP security policy closes every UDP port from source address "Any IP" to destination address "Any IP".
The fix is to change that rule so that it closes UDP ports from source address "My IP address" to destination address "Any IP", and then to reopen UDP port 53 from "My IP address" to the DNS server's IP. This port is used to resolve domain names.
Approach: block all users from accessing port 1433 and allow access only from individual IPs. (In the security policy, allow takes priority over block.)
1. Add the "IP filter" rules
IP filter rules define which IPs are to be restricted.
Open [Administrative Tools], click [Local Security Policy], and select "IP Security Policies on Local Computer".
Right-click it and select [Manage IP filter lists and filter actions].
1) First add a rule matching "all IPs" accessing port 1433, name: prohibit all IPs from accessing 1433
2) Then add a rule matching "specific IPs" accessing port 1433, name: allow specific IPs to access 1433
2. Add the "filter action" rules
A filter action complements the IP filter rules: it states whether the matched IPs are permitted or blocked.
In "IP Security Policies on Local Computer", right-click, select [Manage IP filter lists and filter actions], and open "Manage Filter Actions".
Create two filter actions, one to permit and one to block.
3. Create the "IP Security Policy" entry
Now that the IP filter rules and filter actions exist, they need to be combined.
The "IP Security Policy" is the container that holds these rules.
In "IP Security Policies on Local Computer", right-click and select "Create IP Security Policy", name: Guardian IP Policy
4. Add the IP filter rules to the "IP Security Policy"
1) Add the filter rule "prohibit all IPs from accessing 1433" and select the block action.
2) Add the filter rule "allow specific IPs to access 1433" and select the permit action.
After the filter rules are added, assign the security policy so that it takes effect.
If you need further restrictions, first create the IP filter rules as in step 1, then add them to the "IP Security Policy" entry as in step 4.
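The four steps above, together with the UDP block and DNS exception from the opening paragraph, written as netsh ipsec static commands for an elevated command prompt. This is an added example, not part of the original article; the two addresses are constructed placeholders, and the filter action, rule and UDP filter list names are assumptions.

```bat
@echo off
rem Added example. Placeholder addresses (constructed, replace before use):
set "ALLOWED_IP=192.0.2.10"
set "DNS_IP=192.0.2.53"
set "POLICY=Guardian IP Policy"
set "F_ALL=prohibit all IPs from accessing 1433"
set "F_ONE=allow specific IPs to access 1433"

rem Step 1: IP filter lists. mirrored=yes also matches the reply direction.
netsh ipsec static add filterlist name="%F_ALL%"
netsh ipsec static add filter filterlist="%F_ALL%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=1433 mirrored=yes
netsh ipsec static add filterlist name="%F_ONE%"
netsh ipsec static add filter filterlist="%F_ONE%" srcaddr=%ALLOWED_IP% dstaddr=me protocol=TCP srcport=0 dstport=1433 mirrored=yes

rem UDP pair from the opening paragraph (list names are assumptions).
rem The DNS filter is the more specific one, so it is matched ahead of the UDP block.
netsh ipsec static add filterlist name="my IP to any IP UDP"
netsh ipsec static add filter filterlist="my IP to any IP UDP" srcaddr=me dstaddr=any protocol=UDP mirrored=yes
netsh ipsec static add filterlist name="my IP to DNS UDP 53"
netsh ipsec static add filter filterlist="my IP to DNS UDP 53" srcaddr=me dstaddr=%DNS_IP% protocol=UDP srcport=0 dstport=53 mirrored=yes

rem Step 2: filter actions (names are assumptions).
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Permit" action=permit

rem Step 3: the policy container, created unassigned.
netsh ipsec static add policy name="%POLICY%" assign=no

rem Step 4: bind each filter list to its action inside the policy.
netsh ipsec static add rule name="block 1433" policy="%POLICY%" filterlist="%F_ALL%" filteraction="Block"
netsh ipsec static add rule name="permit 1433" policy="%POLICY%" filterlist="%F_ONE%" filteraction="Permit"
netsh ipsec static add rule name="block UDP" policy="%POLICY%" filterlist="my IP to any IP UDP" filteraction="Block"
netsh ipsec static add rule name="permit DNS" policy="%POLICY%" filterlist="my IP to DNS UDP 53" filteraction="Permit"

rem Enable the policy, then list its rules to confirm what was applied.
netsh ipsec static set policy name="%POLICY%" assign=yes
netsh ipsec static show policy name="%POLICY%" level=verbose
```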