Consider banning VPNs #21
Comments
|
But that would mean we'll have to rely solely on fastly to obtain this data. How about instead of attempting to verify whether probe's IP address is a commercial VPN or not, we run a quick ping query to a server closeby to their supposed geo? If they're using VPN - the ping would indicate that, and they could be exluced from the pool. It would also exclude any unstable connections. |
|
I guess your way is more reliable but a lot more complicated. We would need a solid list of servers all around the world and an algorithm to calculate the correct latency we expect the probe to have. I think starting with something simpler is better than nothing :) I actually don't worry about false positives, it's more likely to have false negatives which won't impact our users |
|
I tested quite a few IPs and haven't any issues yet. If we implement this I don't think it will create any problems, it only might miss some VPNs but if that starts to become a problem we can just add a second solution on top of this one to catch stuff that this didn't. |
How about we also block probes from connecting that have
proxy_description=vpn and tor-*plus maybeproxy_type=anonymous,aol,blackberry,corporate,?https://developer.fastly.com/reference/vcl/variables/geolocation/client-geo-proxy-description/
https://developer.fastly.com/reference/vcl/variables/geolocation/client-geo-proxy-type/
hosting example https://globalping-geoip.global.ssl.fastly.net/142.132.251.61
A probe hosted behind a VPN would only create problems. If the user is in China with the VPN server in Germany it would get registered in our system as a German probe. Then if someone tried to use the probe he would get 100ms latency to ping Germany from Germany.
The text was updated successfully, but these errors were encountered: