DARIAEngineering / dcaf_case_management

Rails-based case management system for abortion funds
MIT License

Require US IP #2149

Open colinxfleming opened 3 years ago

colinxfleming commented 3 years ago

Thanks for creating an issue! Please fill out this form so we can be sure to have all the information we need, and to minimize back and forth.

We got a request from France the other day. I think it was fine (someone using a VPN) but would be nice to cut this kinda stuff off, so let's investigate ways to ban non-US requesters.

security

Probably there's a rack extension that does this?

elimbaum commented 3 years ago

Do we necessarily want to prevent people from using VPNs, though (especially considering work-from-home trends)? Maybe something like fail2ban (i.e. blacklist, not whitelist) makes more sense if we're worried about DoS + brute force protection.

colinxfleming commented 3 years ago

We have something similar to fail2ban in place now (rack-attack iirc, which I think is essentially the same guard).

I don't mind VPNs necessarily, but I don't think there's a good reason for someone to connect to DARIA from a machine outside the states - that's way more likely to be a red flag than it is a proper human I think!

xmunoz commented 3 years ago

Just to throw a wrench into this issue thread: I'm in Ecuador currently. For most of my work, I VPN into Miami, but sometimes I forget and directly connect to an instance to validate a deployment or triage an issue.

colinxfleming commented 1 year ago

leaving this here as a note https://developers.cloudflare.com/waf/tools/ip-access-rules/

xmunoz commented 1 year ago

Yup, there are definitely straightforward ways to block unwanted requests using Cloudflare's WAF. Though my concern about whether we really want to still stands.
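The Rack-level country block discussed in this thread, as an added example that is not DARIA's code: a middleware that denies any request whose country is not on an allowlist, keyed on the `CF-IPCountry` header Cloudflare attaches when IP geolocation is enabled (a real Cloudflare header, though not mentioned above). It assumes the app is only reachable through Cloudflare; the class name, the `geo_check` helper and the sample request env are my own.

```ruby
require "set"

# Added example (not DARIA project code): Rack middleware that denies requests
# whose origin country is not on an allowlist. It trusts the CF-IPCountry header
# Cloudflare adds (seen by Rack as env["HTTP_CF_IPCOUNTRY"]), so it must only
# run behind Cloudflare; a directly reachable origin lets clients set it themselves.
class CountryAllowlist
  DENIED_BODY = "Forbidden\n".freeze

  # allowed: ISO 3166-1 alpha-2 codes. A missing or unknown country ("XX",
  # Cloudflare's marker for unknown) is never on the list, so we fail closed.
  def initialize(app, allowed: ["US"], logger: nil)
    @app = app
    @allowed = allowed.map(&:upcase).to_set
    @logger = logger
  end

  def call(env)
    country = env["HTTP_CF_IPCOUNTRY"].to_s.upcase
    return @app.call(env) if @allowed.include?(country)

    # Log enough to spot a real person locked out (the travelling-staff case
    # raised in the thread) versus probing from abroad.
    @logger&.warn("geo-denied country=#{country.empty? ? 'none' : country} " \
                  "ip=#{env['REMOTE_ADDR']} path=#{env['PATH_INFO']}")
    [403,
     { "content-type" => "text/plain", "content-length" => DENIED_BODY.bytesize.to_s },
     [DENIED_BODY]]
  end
end

# Exercises the middleware without a web server: a hand-built Rack env
# (constructed sample, not real traffic). Returns the HTTP status.
def geo_check(country_header, allowed: ["US"])
  app = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/", "REMOTE_ADDR" => "203.0.113.7" }
  env["HTTP_CF_IPCOUNTRY"] = country_header unless country_header.nil?
  CountryAllowlist.new(app, allowed: allowed).call(env).first
end

if __FILE__ == $PROGRAM_NAME
  puts geo_check("US")  # domestic request passes
  puts geo_check("FR")  # the France request from the issue is refused
  puts geo_check(nil)   # header missing: refused rather than waved through
end
```

With the default allowlist the Ecuador case above is refused too; adding `"EC"` to `allowed` is the only knob, which is exactly the trade-off the thread is weighing.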