API-Security
Geolocation restrictions could be added in [lack-of-protection-from-automated-threats]
Hi @PauloASilva,
I was going through 0xa8-lack-of-protection-from-automated-threats.md, and I thought we could add geolocation restrictions to the How To Prevent section.
For example, if I am providing my service in some countries, I can block the traffic from other countries where I don't serve. Doing this can eliminate a lot of risks.
Hi @PauloASilva,
Do I create a PR for this issue?
Hi @faizzaidi, Thanks for your feedback.
I would like to leave the issue open for a little while so that we can get further feedback from the community. Nevertheless, since it should be a small change, feel free to open the PR (please refer to this issue in your PR message): when the time comes it might be merged into the final version.
The way I see it, mitigating the risk of automated threats should be a multi-layer/multi-technique approach. Although, with the advent of the cloud, geolocation restrictions will be easily bypassable, I believe such a recommendation makes sense.
The more fences you put in the attackers' path, the more expensive (cost- and effort-wise) the attack becomes, which may lead some of them to give up on it.
Cheers, Paulo A. Silva
Sure @PauloASilva, thanks for the inputs. I will raise the PR for this issue.
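The layered approach discussed in this thread, sketched as an added example that is not part of the issue or of the OWASP document: a geolocation allowlist as the first fence, followed by a per-client rate limit for traffic that passes it. The address-to-country table, the served countries and the limits are constructed assumptions; a real deployment would query a maintained GeoIP database.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample data: documentation ranges (RFC 5737) mapped to
# illustrative country codes. Not real geolocation data.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "PT"),
    (ipaddress.ip_network("198.51.100.0/24"), "IN"),
    (ipaddress.ip_network("203.0.113.0/24"), "XX"),
]
SERVED_COUNTRIES = {"PT", "IN"}   # assumption: where the service is offered
MAX_REQUESTS = 3                  # assumption: per-client budget per window
WINDOW_SECONDS = 60


def country_of(ip):
    """Return the country code for ip, or None when the address is unknown."""
    addr = ipaddress.ip_address(ip)
    for network, country in GEO_TABLE:
        if addr in network:
            return country
    return None


class LayeredGate:
    """Geolocation allowlist first, then a sliding-window rate limit."""

    def __init__(self):
        self._hits = defaultdict(deque)

    def check(self, ip, now):
        # Layer 1: drop traffic from countries the service does not serve.
        # Unknown addresses are rejected too (fail closed).
        if country_of(ip) not in SERVED_COUNTRIES:
            return "deny:geo"
        # Layer 2: an in-region address (for example a cloud host) passes
        # layer 1, so its request rate is still bounded.
        hits = self._hits[ip]
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()
        if len(hits) >= MAX_REQUESTS:
            return "deny:rate"
        hits.append(now)
        return "allow"
```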