Below are the steps required to monitor the worker processes and block a client IP address on a windows server.
1. Connect to the windows server via RDP and go to Start >> Internet Information Services (IIS) Manager.
2. Click on Worker Processes Icon on main page.
3. Sort the Worker Processes according to the CPU or Memory usage and see whether any particular website uses high resources.
4. Click on the domain name which uses high resource and it will show worker processes as follows. See whether the requests are vulnerable, if so note down the Client IP.
5. Say the website example.com is using high resource. To block the IP address from IIS itself, go to 'example.com >>IP address and domain restrictions' from IIS.
6. Click Add Deny Entry. Enter 'client IP' address in the pop up windows and click OK button.
7. To Block the IP address from Firewall. Open Windows firewall with Advanced security from windows start page.
8. You can add an inbound rule named Block IPs with settings as shown below.
9. After the inbound rule is created follow the on screen steps to block an IP address.
