If your website contains an administrative web user
interface accessible via the Internet, then it is advisable to use as much
security as possible. It is particularly advisable to restrict access to a
single IP address or a range of IP addresses if only one or several machines
are going to require access to the administrative functions.
Including IP address restrictions is possible through the
IIS management console. IP address restrictions may be applied to entire
websites, as well as individual folders and even files. It is also possible to
put in IP address checks at the application level by making use of the
REMOTE_ADDR server variable.