IIS is sooooo easy to use. Setting the listen IP address is intuitive:


Need to do this to limit the listen address before a restart of IIS:
This will change the default behavior of your http.sys (front end http server), it might break things badly, so you should probably not use it!
For Vista and up (and all its ilk).
netsh http add iplisten ipaddress=

- delete with:
netsh http delete iplisten ipaddress=

For Windows 2003 and XP - should you be even less fortunate:
httpcfg.exe set iplisten -i

What a load. The IIS Manager tool even shows some sort of global config, but it seems to ignore it! - actually, it is not global in the manager tool.

Looks like the netsh setting persists across reboots, so at least you don't need to script it to set up http.sys on every reboot.
Good and bad I suppose. I would rather have a script that was obvious instead of trying to figure out a bunch of netsh commands typed a year ago!

Check it with: netsh http show iplisten
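
An added example, not from the original post: a PowerShell check that compares the output of netsh http show iplisten against an intended address list and flags wildcard listeners that are still bound. The address 192.0.2.10 and ports 80/443 are assumptions to replace with your own; Get-NetTCPConnection needs Windows 8 / Server 2012 or later.

```powershell
# Added example: audit the http.sys IP listen list. Not from the original post.
param(
    [string[]]$Expected = @('192.0.2.10'),  # constructed sample address (assumption)
    [int[]]$Ports = @(80, 443)              # ports to check (assumption)
)

# Extract IP literals from "netsh http show iplisten" text. Matching on the
# addresses rather than the header text keeps this working on localized Windows.
function Get-IpListenList {
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        $candidate = "$line".Trim()
        $parsed = $null
        if ($candidate -match '[.:]' -and
            [System.Net.IPAddress]::TryParse($candidate, [ref]$parsed)) {
            $parsed.IPAddressToString
        }
    }
}

$actual  = @(Get-IpListenList -NetshOutput (netsh http show iplisten))
$missing = @($Expected | Where-Object { $_ -notin $actual })
$extra   = @($actual   | Where-Object { $_ -notin $Expected })

# An empty listen list means http.sys listens on all addresses.
if ($actual.Count -eq 0) {
    Write-Warning 'IP listen list is empty: http.sys listens on every address.'
}
$missing | ForEach-Object { Write-Warning "Expected but not in listen list: $_" }
$extra   | ForEach-Object { Write-Warning "In listen list but not expected: $_" }

# Cross-check the sockets that are actually bound on the ports of interest.
$wild = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $Ports -and $_.LocalAddress -in @('0.0.0.0', '::') })
$wild | ForEach-Object {
    Write-Warning "Wildcard listener: $($_.LocalAddress):$($_.LocalPort) (PID $($_.OwningProcess))"
}

if ($missing.Count -or $extra.Count -or $wild.Count -or $actual.Count -eq 0) { exit 1 }
Write-Output "iplisten matches expected list: $($actual -join ', ')"
```

Run it after a reboot or an IIS restart; a non-zero exit code means the listen list or the bound sockets drifted from what was intended.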

See for yourself by visiting Sites -> Site Bindings (I.P. Address).... Go ahead and set it (and forget it, because it still tries to bind on all IP addresses on startup!)

To remove that crap, (2k3 only, similar for netsh commands on 7 and up):
  httpcfg query iplisten (to see what was added)
  httpcfg delete iplisten -i x.x.x.x:x
  net stop http /y
  net start w3svc