RD Web Access Protection

• How to enable RD Web Access protection
• Advanced Settings

How to Enable and Configure RDWeb Access Protection

To Enable RDWeb Access Protection

1. Launch the Dashboard and click the link next to RDWeb Access Protection:

How to enable RD Web Access Protection in RdpGuard

The RDWeb Protection Settings dialog will open:

RDWeb Protection Settings dialog

2. Check Enable RDWeb Protection and click Save

RDWeb Access Protection Configuration

Automatically detect log files location - by unchecking this option you have the ability to manually specify the IIS logs directory for the RDWeb Access website.

In most instances, RdpGuard is capable of detecting the IIS log files location automatically. However, in rare cases, you might need to manually specify it.

Advanced Settings

Clicking the "advanced settings" link will open the Advanced HTTP Settings dialog where you can configure additional HTTP protection settings.

Advanced HTTP Detection Engine Settings

Use the X-Forwarded-For field to read client IP address

By default, RdpGuard reads the client IP address from the Client IP field in the IIS log. If your web server is behind a proxy server, you may need to enable this option to read the client IP address from the X-Forwarded-For field.

This option should only be enabled if you are hosting the website behind a proxy.

Note: Proper configuration of your proxy server and IIS logging is required for this feature to work correctly.

Please refer to the Configuring IIS to Detect Source IP Behind a Proxy guide for detailed instructions.

Blocking Requests When Using X-Forwarded-For

When using the X-Forwarded-For option, the default blocking mechanism may not work as expected because banning the real client IP must be done on the proxy level. Without additional configuration, the blocking will not actually occur.

To ensure requests from detected malicious IPs are blocked, you can use IIS IP Restrictions combined with Custom Actions in RdpGuard.

Configuring Custom Actions in RdpGuard

Follow these steps to configure IIS to block IPs based on RdpGuard detections:

• Ensure that the IP and Domain Restrictions feature is installed in IIS.
• Enable IIS IP Restrictions to prevent requests from blocked IPs.
• Use Custom Actions in RdpGuard to dynamically update the IIS IP block list when a new malicious IP is detected.

Configure the following actions in RdpGuard:

IP Blocked Action

• Task: Execute program
• Path: c:\Windows\system32\inetsrv\appcmd.exe
• Arguments:
  

  set config /section:system.webServer/security/ipSecurity /+"[ipAddress='%IP%',allowed='false']"

IP Unblocked Action

• Task: Execute program
• Path: c:\Windows\system32\inetsrv\appcmd.exe
• Arguments:
  

  set config /section:system.webServer/security/ipSecurity /-"[ipAddress='%IP%']"

With this setup, detected malicious IPs will be automatically added to the IIS IP restrictions list, effectively blocking their requests.

RdpGuard protects:

• Remote Desktop
• MS-SQL Server
• FTP Protocol
• HTTP Protocol
• IMAP Protocol
• POP3 Protocol
• SMTP Protocol
• IIS Web Login
• MySQL Server
• ASP.NET Forms
• RD Web Access
• VoIP (SIP Protocol)
• SSH Protocol
• MS VPN (RRAS)

RdpGuard

 

People like RdpGuard!