Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.
I am running the latest version
I checked the documentation and found no answer
I checked to make sure that this issue has not already been filed
Problem Description
Chinese DNS scanners are flooding my VPS yet are below the 20/s limit.
Proposed Solution
Limit to not just an IP, but to a country in general. It seems that the American scanners are tender with my poor VPS and resolve one domain. Some of them are even colleges seemingly doing analysis. But the other countries seem to spam requests significantly more.
Another solution would be to limit by hostname. For example, the client name for my home currently is pool-(my IP).(area of my state).fios.verizon.net or myvzw.com if I'm on my phone. This seems like a faster solution than implementing IP geolocation (just block if hostname doesn't contain my hostname) and has the benefit of geoblocking as well, unless someone lives in the same area of my state and has Verizon Fios. Not sure how other ISPs implement hostnames though. This was discussed in #835 however.
Alternatives Considered
Limiting to my home IP, but this failed as soon as my router got a new IP. I also tried disabling DNS and only allowing HTTPS, but my router doesn't support DoH natively so DNS was borked after. IPv4 addresses can be quickly scanned but my domain + custom port + /dns-query will probably take a lot longer to be found randomly.
Additional Information
A local IP range db would be preferable even if it had to be manually uploaded, as opposed to an API that gets pinged on each IP.
I see this is written in Go so maybe this will help: https://github.com/oschwald/geoip2-golang
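A sketch of the per-country limit requested above, added here as an example and not code from the project or from the issue author: clients that each stay under a per-IP limit still draw from one shared country budget. The `CountryLimiter` type, the `AA`/`BB` labels and the documentation-range CIDR rows are constructed assumptions standing in for a manually uploaded local range file.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// CountryLimiter caps queries per country per one-second window (not goroutine-safe).
type CountryLimiter struct {
	ranges map[netip.Prefix]string // local range DB: CIDR -> country label
	limit  int                     // max queries per second for each country
	window int64                   // Unix second of the current window
	counts map[string]int          // queries seen per country in this window
}

// NewCountryLimiter loads CIDR rows (assumed non-overlapping); a bad row panics.
func NewCountryLimiter(limit int, db map[string]string) *CountryLimiter {
	l := &CountryLimiter{ranges: map[netip.Prefix]string{}, limit: limit, counts: map[string]int{}}
	for cidr, cc := range db {
		l.ranges[netip.MustParsePrefix(cidr)] = cc
	}
	return l
}

// Country returns the label for ip, or "ZZ" when it is unparsable or unmapped.
func (l *CountryLimiter) Country(ip string) string {
	addr, _ := netip.ParseAddr(ip) // on error addr is the zero Addr, which no prefix contains
	for p, cc := range l.ranges {
		if p.Contains(addr.Unmap()) {
			return cc
		}
	}
	return "ZZ"
}

// Allow counts one query from ip at time now against its country's budget.
func (l *CountryLimiter) Allow(ip string, now time.Time) bool {
	if s := now.Unix(); s != l.window {
		l.window, l.counts = s, map[string]int{} // new second: reset all budgets
	}
	cc := l.Country(ip)
	l.counts[cc]++
	return l.counts[cc] <= l.limit
}

func main() {
	l := NewCountryLimiter(20, map[string]string{"192.0.2.0/24": "AA"}) // constructed sample row
	fmt.Println(l.Allow("192.0.2.7", time.Now()))
}
```

Addresses that match no row all share the `ZZ` bucket, so an incomplete range file throttles unknown sources together rather than exempting them.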