I have a web application, in which a web service resides in a folder. The whole web application can be accessed from anywhere, while the web service should only be accessed
OK, what a simple action it was.
Simply select the folder in IIS7, and from the right hand, select IP Address and Domain Restrictions
(which if is not visible, must be reached via Features View
tab).
Now, you can allow or deny any single IP address, or a range if IP addresses from seeing or not seeing your folder, and anything inside it.