The simplest way is to add code to your Master CSS page Load event, which checks if the IP address of the caller is acceptable, and redirects to a "forbidden access" page instead if necessary:
string ip = Request.UserHostAddress;
if (IsNotAllowedIP(ip))
{
Response.Redirect(@"~/NotAllowedAccess.aspx", true);
}
else
{
...
}