From: "Blake Crosby"
To: "Paul Chvostek"
Delivered-To: freebsd-isp@freebsd.org
Subject: RE: Restricting Users Geographically
Date: Wed, 9 Jan 2002 09:46:51 -0500

> > This way, Canadians have exclusive access to the mirror. (well anyone with
> > a .com .net .org .edu domain name as well). The non-Canadians can use one
> > of the many mirrors in the USA or their home country.
>
> And hosts without valid reverse DNS are presumably out of luck as well.
>

Yes and no. I have added net blocks that I know off the top of my head to be of Canadian origin. The 403 error has my email address where people can request that their netblock be added, a few have already done so.

> The bandwidth limitation idea seemed like a good one. You're running
> FreeBSD, right? (Lemme check the console ... yeah.)
> So do some of
> your own traffic shaping. If you want a dedicated IP address for your
> mirror, ask your ISP; they can certainly accommodate your request,
> perhaps even at no charge. Then use do something like:
>

Already done, and is being used for another mirror. Right now users are redirected to port 81, where traffic is being shaped there.

>
> I'm sure that with a little research in your logs (or at ARIN et al) you
> will have the bulk of the overseas stuff covered.
>
> Alternately....
>
> For every inbound connection, let 'em log on and start some traffic. For
> every new connection, launch a background process which looks up the IP
> address at whois.ra.net and whois.arin.net. Take the first line from
> ra.net with the word "origin:", and that's supposed to be the AS number
> that's responsible for routing. Look up that ASN at whois.arin.net, and
> if the result does not include the regexp /\/, null route
> 'em. Or ipfw deny their traffic. And store the result in a local db
> for quicker lookup next time that host connects. (Don't just store the
> IP, instead store the CIDR block that was given in the first line of
> output from whois.ra.net.)

I don't think I am going to go that far. The Geo::IP Perl module pretty much already has a database of locations to IP addresses that is updated every month. Using mod_perl, I can probably write a small Perl script to take a look at the IP address, look up the country, then either display an error message or show them the mirrors' web pages.

> And if after all that you feel that the time to develop all this has
> been well spent, you must be paying too much for your bandwidth. ;-)

Hey, it's a learning experience :) I'm up for the challenge!

Blake
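The per-block caching suggested in the quoted reply, combined with the hand-maintained netblock list mentioned above, sketched as an added example that is not part of the original message. The `GeoGate` class, the `lookup` callable (a stand-in for the whois or Geo::IP query) and the sample netblocks are all hypothetical.

```python
import ipaddress


class GeoGate:
    """Country-based allow/deny, cached per CIDR block rather than per IP."""

    def __init__(self, lookup, allowed_countries, manual_allow=()):
        # lookup(ip) -> (cidr, country_code), or None when the query fails.
        # Assumption: wraps whatever resolver is in use (whois, Geo::IP, ...).
        self.lookup = lookup
        self.allowed = {c.upper() for c in allowed_countries}
        # Netblocks added by hand, e.g. on request from the 403 page.
        self.manual = [ipaddress.ip_network(n) for n in manual_allow]
        self.cache = {}   # ip_network -> bool verdict
        self.lookups = 0  # number of resolver queries actually made

    def allow(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.manual):
            return True
        # Linear scan is fine for a sketch; the most specific cached block wins.
        hits = [net for net in self.cache if addr in net]
        if hits:
            return self.cache[max(hits, key=lambda n: n.prefixlen)]
        self.lookups += 1
        result = self.lookup(ip)
        if result is None:
            return False  # deny, but do not cache a transient failure
        cidr, country = result
        net = ipaddress.ip_network(cidr, strict=False)
        if addr not in net:
            return False  # resolver answered for the wrong block; do not cache
        verdict = country.upper() in self.allowed
        self.cache[net] = verdict
        return verdict


# Constructed sample data (RFC 5737 documentation ranges, not real allocations).
SAMPLE = {"192.0.2.0/24": "CA", "198.51.100.0/24": "US"}


def sample_lookup(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, country in SAMPLE.items():
        if addr in ipaddress.ip_network(cidr):
            return cidr, country
    return None  # unknown block: behaves like a failed query


if __name__ == "__main__":
    gate = GeoGate(sample_lookup, {"CA"}, manual_allow=["203.0.113.64/26"])
    for ip in ("192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.70"):
        print(ip, gate.allow(ip), "lookups so far:", gate.lookups)
```

Failed lookups are denied without being cached, so a resolver outage does not turn into a standing block for that address range.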