How to monitor worker processes on a windows server and block offending IP addresses using IIS or windows Firewall

Below are the steps required to monitor the worker processes for websites in IIS and block a client IP address on a windows server.

BLOCK IP ADDRESS USING IIS

1. Connect to the windows server via RDP and go to Start >> Internet Information Services (IIS) Manager.

2. Click on Worker Processes Icon on the main page.

 3. Sort the Worker Processes according to the CPU or Memory usage and see whether any particular website is using high resources.

4. Click on the domain name which uses the high resources and it will show worker processes as follows. See whether the requests are vulnerable, if so note down the Client IP.

5. Say the website example.com is using the high resources. To block the IP address from IIS itself, go to 'example.com >>IP address and domain restrictions' from IIS.

6. Click Add Deny Entry. Enter 'client IP' address in the pop up windows and click OK button.

BLOCK IP ADDRESS USING WINDOWS FIREWALL

7. To Block the IP address from Firewall. Open Windows Firewall with Advanced security from windows starts page.

8.  Click 'New Rule' link to add a new inbound rule.

9. It will show a pop-up window as follows. Enter the name as 'Block IPs' and check the options as shown and click OK button

10. After the inbound rule is created follow the on screen steps to block an IP address.

11. Enter the IP address or subnet which need to be blocked and click OK button.

Note: Please confirm that Firewall status is ON for the IP block to work.