[Icecast] Blocking IP addresses on a per mountpoint level

Chip chiapas at aktivix.org
Thu Mar 26 13:17:37 UTC 2020 

Thanks.

Maybe something like this might do it:

   - https://mediarealm.com.au/articles/icecast-stream-geoblocking/

I should have searched more before asking the question(s) :o)

Cheers

Chip Scooter


On Thu, 26 Mar 2020 at 13:00, Marius Flage <marius at flage.org> wrote:

> Ah,
>
> I must have overlooked that requirement in my first reply. I don't think
> you can do it natively in Icecast, and doing this in the kernel will be too
> low level and too wide a block, so I guess a web application firewall or a
> reverse proxy is the way to go. Maybe setting up HAproxy or similar could
> solve this?
>
> --
> Marius
> On 26.03.2020 13:49, Chip wrote:
>
> Thanks.
>
> Indeed - but is it it possible to block IP addresses on a per mountpoint
> level? For example, my user with /mountpointA.ogg does not mind being
> hammered by connections from 93.184.216.34 [example.com] but my user with
> /mountpointB.ogg wants to block that IP address.
>
> Using iptables I've blocked connections, at a server level, from
> example.com for my User B but my User A doesn't mind their connection
> being probed once per minute 24/7/365 by a badly-configured player from
> that IP address.
>
> Thank you
>
> Chip Scooter
>
> On Thu, 26 Mar 2020 at 11:30, Marius Flage <marius at flage.org> wrote:
>
>> I believe the easiest is just to do this using iptables ('iptables -A
>> INPUT -s 93.184.216.34 -j DROP'). There's also an geoip module available
>> for iptables.
>>
>> --
>> Marius
>> On 26.03.2020 12:16, Chip wrote:
>>
>> Hi
>>
>> Several questions below:
>>
>> a) is it possible to block IP addresses on a per mountpoint level e.g. my
>> user with /mountpointA.ogg does not mind being hammered by connections from
>> 93.184.216.34 [example.com] but my user with /mountpointB.ogg wants to
>> block that IP address.
>>
>> b) is it possible to geoblock ranges of IP addresses and whole countries
>> on a per mountpoint basis?
>>
>> c) what options do people use for geoblocking? I'm on a VPS so ipset is
>> currently not an option.
>>
>> Many thanks in advance
>>
>> Chip Scooter
>>
>> _______________________________________________
>> Icecast mailing listIcecast at xiph.orghttp://lists.xiph.org/mailman/listinfo/icecast
>>
>> _______________________________________________
>> Icecast mailing list
>> Icecast at xiph.org
>> http://lists.xiph.org/mailman/listinfo/icecast
>>
>
> _______________________________________________
> Icecast mailing listIcecast at xiph.orghttp://lists.xiph.org/mailman/listinfo/icecast
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20200326/869ad5ea/attachment.htm>

More information about the Icecast mailing list