I have a 4.5.2 MVC website running on my machine.
I have a .NET core microservice (WebAPI) running on the same machine. I'm struggling to restrict access to the microservce down to just the local host (the 4.5.2 website hosted in IIS) and have it still work properly.
When I go into "IP Address and Domain Restrictions" in IIS, and "Feature Settings, Access for unspecified clients" is "Allow", everything works just fine.
When I set this to deny for the Microservice in IIS, and add the local IP address and "127.0.0.1" to the allow list, I get access forbidden from the local IIS node running my website.
In case anyone ever comes across this particular use case.
I ended up adding the IPv6 ip, as well as the generated IP off of the 6T04 tunnel adapter to solve this.