Date: Wed, 9 Jan 2002 09:46:51 -0500
From: "Blake Crosby" <dev@samurai.com>
To: "Paul Chvostek" <paul+isp@it.ca>
Cc: <isp-webhosting@isp-webhosting.com>, <freebsd-isp@FreeBSD.ORG>
Subject: RE: Restricting Users Geographically
Message-ID: <JAEEIJKIHAONENKPFCCPEEPMCBAA.dev@samurai.com>
In-Reply-To: <20020109015823.A25751@mail.it.ca>

> > This way, Canadians have exclusive access to the mirror.  (well anyone with
> > a .com .net .org .edu domain name as well).  The non-Canadians can use one
> > of the many mirrors in the USA or their home country.
>
> And hosts without valid reverse DNS are presumably out of luck as well.
>

Yes and no. I have added net blocks that I know off the top of my head to be
of Canadian origin. The 403 error has my email address where people can
request that their netblock be added; a few have already done so.

> The bandwidth limitation idea seemed like a good one.  You're running
> FreeBSD, right?  (Lemme check the console ... yeah.)  So do some of
> your own traffic shaping.  If you want a dedicated IP address for your
> mirror, ask your ISP; they can certainly accommodate your request,
> perhaps even at no charge.  Then use do something like:
>

Already done, and is being used for another mirror. Right now users are
redirected to port 81, where traffic is being shaped there.

>
> I'm sure that with a little research in your logs (or at ARIN et al) you
> will have the bulk of the overseas stuff covered.
>
> Alternately....
>
> For every inbound connection, let 'em log on and start some traffic.  For
> every new connection, launch a background process which looks up the IP
> address at whois.ra.net and whois.arin.net.  Take the first line from
> ra.net with the word "origin:", and that's supposed to be the AS number
> that's responsible for routing.  Look up that ASN at whois.arin.net, and
> if the result does not include the regexp /\<C(A|anada)\>/, null route
> 'em.  Or ipfw deny their traffic.  And store the result in a local db
> for quicker lookup next time that host connects.  (Don't just store the
> IP, instead store the CIDR block that was given in the first line of
> output from whois.ra.net.)

I don't think I am going to go that far. The Geo::IP Perl module pretty much
already has a database of locations to IP addresses that is updated every
month.

Using mod_perl, I can probably write a small Perl script to take a look at
the IP address, look up the country, then either display an error message or
show them the mirrors' web pages.

> And if after all that you feel that the time to develop all this has
> been well spent, you must be paying too much for your bandwidth.  ;-)

Hey, it's a learning experience :) I'm up for the challenge!

Blake

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?JAEEIJKIHAONENKPFCCPEEPMCBAA.dev>
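
Added example, not part of the original message or either poster's code: a Python sketch (rather than the mod_perl and Geo::IP mentioned in the thread) of the access decision discussed above, with manually added netblocks checked first and lookup results cached per CIDR block instead of per IP. The `GeoGate` class, `sample_lookup` and the documentation-range netblocks are constructed stand-ins for a real whois or country-database query.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for real netblocks.
MANUAL_ALLOW = [ipaddress.ip_network("192.0.2.0/24")]  # blocks added on request
ALLOWED_COUNTRIES = {"CA"}
SAMPLE_REGISTRY = {"198.51.100.0/24": "CA", "203.0.113.0/25": "US"}

def sample_lookup(ip):
    """Hypothetical slow lookup: returns (covering CIDR block, country code)."""
    for cidr, country in SAMPLE_REGISTRY.items():
        net = ipaddress.ip_network(cidr)
        if ip in net:
            return net, country
    return None, None  # no record at all for this address

class GeoGate:
    def __init__(self, lookup, default_allow=False):
        self.lookup = lookup
        self.default_allow = default_allow  # policy for addresses with no data
        self.cache = {}                     # ip_network -> country code
        self.lookups = 0                    # number of slow lookups performed

    def _cached_country(self, ip):
        # Longest-prefix match, so a more specific cached block wins.
        hits = [net for net in self.cache if ip in net]
        if hits:
            return self.cache[max(hits, key=lambda net: net.prefixlen)]
        return None

    def decide(self, addr):
        ip = ipaddress.ip_address(addr)
        # Manually approved netblocks bypass the country check entirely.
        if any(ip in net for net in MANUAL_ALLOW):
            return "allow"
        country = self._cached_country(ip)
        if country is None:
            self.lookups += 1
            net, country = self.lookup(ip)
            if net is None:
                return "allow" if self.default_allow else "deny"
            # Store the whole block, so neighbours in it need no new lookup.
            self.cache[net] = country
        return "allow" if country in ALLOWED_COUNTRIES else "deny"
```

The `default_allow` flag makes the policy for addresses with no record explicit, which is the same kind of gap raised in the thread for hosts without valid reverse DNS.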