nginx-ip-whitelister

Auto-blacklist for too many failures

Open zuavra opened this issue 1 year ago • 1 comments

Maintain a blacklist that will be auto-populated when too many rejected requests are made from the same IP.

  • Create a blacklist store.
  • Record rejected attempts from each IP separately.
  • Start denying access to an IP regardless of other conditions once certain thresholds are met.
  • Consider different weights for rejected requests without a key vs invalid key vs valid key but already in use.
  • Consider implications for multi-service support (if there are multiple whitelists should there be multiple blacklists?)
  • Consider using tiny-lru so that rejected entries will auto-expire, it would make it much easier to count entries per time unit (e.g. lru.size divided by the time difference between lru.first and lru.last) – and tiny-lru is a (secondary) dependency already anyway.

zuavra, Sep 28 '23 10:09
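
A sketch of the design proposed in the issue above, as an added example that is not code from nginx-ip-whitelister: rejections are recorded per IP with a weight per rejection type, summed over a sliding time window, and an IP is denied once the score reaches a threshold. A plain `Map` stands in for tiny-lru so the block runs without dependencies; the reason names, weights, threshold, window and ban duration are all assumed values.

```javascript
// Added example: weighted, time-windowed rejection counter feeding a blacklist.
// Reason names and weights are assumptions, not project settings.
const WEIGHTS = new Map([['noKey', 1], ['invalidKey', 3], ['keyInUse', 2]]);

class FailureBlacklist {
  constructor({ threshold = 10, windowMs = 60_000, banMs = 600_000, maxIps = 10_000 } = {}) {
    Object.assign(this, { threshold, windowMs, banMs, maxIps });
    this.failures = new Map(); // ip -> [{ at, weight }]
    this.banned = new Map();   // ip -> ban expiry timestamp (ms)
  }

  // Meant to be checked before any whitelist logic: a banned IP is denied regardless.
  isBlocked(ip, now = Date.now()) {
    const until = this.banned.get(ip);
    if (until === undefined) return false;
    if (now < until) return true;
    this.banned.delete(ip); // ban expired
    return false;
  }

  // Record one rejected request; returns true if this rejection triggers a ban.
  recordRejection(ip, reason, now = Date.now()) {
    const weight = WEIGHTS.get(reason);
    if (weight === undefined) throw new Error(`unknown reason: ${reason}`);
    if (this.isBlocked(ip, now)) return false; // already banned, nothing to count
    // Keep only events inside the sliding window, then add this one.
    const recent = (this.failures.get(ip) || []).filter(e => now - e.at < this.windowMs);
    recent.push({ at: now, weight });
    this.failures.delete(ip);      // re-insert so Map order tracks recency
    this.failures.set(ip, recent);
    // Bound memory: evict the least recently seen IP, LRU-style.
    if (this.failures.size > this.maxIps) {
      this.failures.delete(this.failures.keys().next().value);
    }
    const score = recent.reduce((sum, e) => sum + e.weight, 0);
    if (score < this.threshold) return false;
    this.banned.set(ip, now + this.banMs);
    this.failures.delete(ip);
    return true;
  }
}
```

One instance per service gives a separate blacklist per whitelist; sharing a single instance gives a global one.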

I'm putting this on hold indefinitely for now because it feels out of scope and can probably be achieved with other tools.

zuavra avatar May 23 '24 12:05 zuavra