I'm getting started with request filters to block bot traffic.
I've started with an example .htaccess
file, see here: IIS htaccess rule converter only importing 1 rule
I don't want to manually add a ton of rules through the clunky IIS interface, so I'd rather add them to a file directly. I thought these rules would be in the applicationHost.config
(based on this post), but on opening %WINDIR%\System32\inetsrv\config\applicationHost.config
, I don't see any of the rules.
I also saw this post, so I tried opening the file with Notepad++ as well as Windows Notepad, but I still don't see the rule I created in IIS.
Why not?
IIS has a distributed configuration system and as Lex Li mentions, a great resource to familiarize yourself with is: https://learn.microsoft.com/en-us/iis/get-started/planning-your-iis-architecture/the-configuration-system-in-iis-7
Your configuration changes undoubtedly went to a web.config file. The location the configuration goes to change based on configuration, but by default Request Filtering will go to the lowest configuration file for which you are setting. In other words, if you are configuring Request Filtering for a Site, it will go to that Site's web.config. If you are configuring at a subdirectory, it will go to that subdirectory's web.config. You can actually influence where the settings go (i.e. site specific config can go to ApplicaitonHost.config) and its far easier thru command line.
If you look at the AppCmd.exe sampe in the ScanHeaders documentation, those commands will make changes (by default) to the Default Web Site's web.config. You can append /commit:AppHost to the end of them to make the settings apply to the ApplicationHost.config.