Allow only US & Canada #522
Replies: 4 comments
-
|
I don't think Rack Attack is the best choice here. Instead, I'd suggest writing a generic middleware that performs a GeoIP check, and block anything that is not US/CA. |
Beta Was this translation helpful? Give feedback.
-
|
@joshm1204 would something like this work? |
Beta Was this translation helpful? Give feedback.
-
|
I think so, but I ended up using cloudflare’s firewall, which works well.
I will be using rack:attack for other reasons though.
…On Wed, Dec 16, 2020 at 6:22 PM Dale Zak ***@***.***> wrote:
@joshm1204 <https://github.com/joshm1204> would something like this work?
Rack::Attack.blocklist 'blocklist geocoder location' do |req|
Rack::Attack::Fail2Ban.filter req.ip, maxretry: 1, findtime: 30.seconds, bantime: 1.week do
unless ['Canada', 'United States'].include?(Geocoder.search(req.ip).first.country)
req.ip
end
end
end
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#507 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALICJGZIYEXPCRDKWUIUJVLSVFFOFANCNFSM4UK4IUAA>
.
|
Beta Was this translation helpful? Give feedback.
-
|
@dalezak I wouldn't recommend using this approach unless you explicitly configure Geocoder to use a Local IP Address Lookup method. Otherwise, every visiting IP except banned ones will be queried for geo-info every 30 seconds, which will have a negative effect on page loads (among other problems). Other than that, it's a very neat approach. |
Beta Was this translation helpful? Give feedback.
-
Is there a method to allow only IP addresses originating from US & Canada?
Beta Was this translation helpful? Give feedback.
All reactions