[Icecast] Blocking IP addresses on a per mountpoint level

Marius Flage marius at flage.org
Thu Mar 26 13:00:44 UTC 2020 

Ah,

I must have overlooked that requirement in my first reply. I don't think
you can do it natively in Icecast, and doing this in the kernel will be
too low level and too wide a block, so I guess a web application
firewall or a reverse proxy is the way to go. Maybe setting up HAproxy
or similar could solve this?

--
Marius

On 26.03.2020 13:49, Chip wrote:
> Thanks.
>
> Indeed - but is it it possible to block IP addresses on a per
> mountpoint level? For example, my user with /mountpointA.ogg does not
> mind being hammered by connections from 93.184.216.34 [example.com
> <http://example.com>] but my user with /mountpointB.ogg wants to block
> that IP address.
>
> Using iptables I've blocked connections, at a server level, from
> example.com <http://example.com> for my User B but my User A doesn't
> mind their connection being probed once per minute 24/7/365 by a
> badly-configured player from that IP address.
>
> Thank you
>
> Chip Scooter
>
> On Thu, 26 Mar 2020 at 11:30, Marius Flage <marius at flage.org
> <mailto:marius at flage.org>> wrote:
>
>     I believe the easiest is just to do this using iptables ('iptables
>     -A INPUT -s 93.184.216.34 -j DROP'). There's also an geoip module
>     available for iptables.
>
>     --
>     Marius
>
>     On 26.03.2020 12:16, Chip wrote:
>>     Hi
>>
>>     Several questions below:
>>
>>     a) is it possible to block IP addresses on a per mountpoint level
>>     e.g. my user with /mountpointA.ogg does not mind being hammered
>>     by connections from 93.184.216.34 [example.com
>>     <http://example.com>] but my user with /mountpointB.ogg wants to
>>     block that IP address.
>>
>>     b) is it possible to geoblock ranges of IP addresses and whole
>>     countries on a per mountpoint basis?
>>
>>     c) what options do people use for geoblocking? I'm on a VPS so
>>     ipset is currently not an option.
>>
>>     Many thanks in advance
>>
>>     Chip Scooter
>>
>>     _______________________________________________
>>     Icecast mailing list
>>     Icecast at xiph.org <mailto:Icecast at xiph.org>
>>     http://lists.xiph.org/mailman/listinfo/icecast
>     _______________________________________________
>     Icecast mailing list
>     Icecast at xiph.org <mailto:Icecast at xiph.org>
>     http://lists.xiph.org/mailman/listinfo/icecast
>
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20200326/def1bdde/attachment.htm>

More information about the Icecast mailing list