597 points classichasclass | 2 comments
Jnr No.45012032
Externally I use Cloudflare proxy and internally I put Crowdsec and Modsecurity CRS middlewares in front of Traefik.

After some fine-tuning and eliminating false positives, it is running smoothly. It logs all the temporarily banned and reported IPs (to Crowdsec), logging them to a Discord channel. On average it blocks a few dozen different IPs each day.

From what I see, there are far more American IPs trying to access non-public resources and attempting to exploit CVEs than there are Chinese ones.

I don't really mind anyone scraping publicly accessible content, and the rest is either gated by SSO or located in the intranet.

For me personally there is no need to block a specific country; I think that trying to block exploit or flooding attempts is a better approach.

1. jrgifford No.45012678
The more egregious attempts are likely being blocked by Cloudflare WAF / similar.
2. Jnr No.45012878
I don't think they are really blocking anything unless you specifically enable it. But it gives some peace of mind knowing that I could probably enable it quickly if it becomes necessary.