You can authorize access to the content on your Web site in two ways. If your site uses an authentication method that identifies its users, you can set up authorization rules that allow access to some users and deny access to others. If you want to authorize access based on domain names or an IP address space, you can use IP and domain restriction rules to allow access to some domains and deny access to others. You can mix and match these rules to configure an authorization scheme that provides the best level of security for your content.
The Authorization Rules and IPv4 and Domain Restrictions features are not installed by default. If you want to use either of these features, you must first install them.
Read an overview of how to set up an authorization strategy.
Install IPv4 and Domain Restriction and Authorization Rules using the Add Role Services Wizard from Server Manager.
Use IIS 7 to configure Authorization Rules.
Use IIS 7 to configure IPv4 and Domain Restrictions.