<div dir="ltr"><div>Thanks.</div><div><br></div><div>Maybe something like this might do it:</div><div></div><div><ul><li><a href="https://mediarealm.com.au/articles/icecast-stream-geoblocking/">https://mediarealm.com.au/articles/icecast-stream-geoblocking/</a></li></ul></div><div></div><div>I should have searched more before asking the question(s) :o)</div><div><br></div><div>Cheers</div><div><br></div><div>Chip Scooter<br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 26 Mar 2020 at 13:00, Marius Flage <<a href="mailto:marius@flage.org">marius@flage.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

  <div>

    <p>Ah,</p>

    <p>I must have overlooked that requirement in my first reply. I

      don't think you can do it natively in Icecast, and doing this in

      the kernel will be too low level and too wide a block, so I guess

      a web application firewall or a reverse proxy is the way to go.

      Maybe setting up HAproxy or similar could solve this?</p>

    <p>--<br>

      Marius<br>

    </p>

    On 26.03.2020 13:49, Chip wrote:<br>

    <blockquote type="cite">

      <div dir="ltr">

        <div>Thanks.</div>

        <div><br>

        </div>

        <div>Indeed - but is it it possible to block IP addresses on a

          per mountpoint level? For example, my user with

          /mountpointA.ogg does not mind being hammered by connections

          from 93.184.216.34 [<a href="http://example.com" target="_blank">example.com</a>] but

          my user with /mountpointB.ogg wants to block that IP address.</div>

        <div>

          <div><br>

          </div>

          <div>Using iptables I've blocked connections, at a server

            level, from <a href="http://example.com" target="_blank">example.com</a> for my User B but

            my User A doesn't mind their connection being probed once

            per minute 24/7/365 by a badly-configured player from that

            IP address.</div>

          <div><br>

          </div>

          <div>Thank you</div>

          <div><br>

          </div>

          <div>Chip Scooter<br>

          </div>

        </div>

      </div>

      <br>

      <div class="gmail_quote">

        <div dir="ltr" class="gmail_attr">On Thu, 26 Mar 2020 at 11:30,

          Marius Flage <<a href="mailto:marius@flage.org" target="_blank">marius@flage.org</a>> wrote:<br>

        </div>

        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

          <div>

            <p>I believe the easiest is just to do this using iptables

              ('iptables -A INPUT -s 93.184.216.34 -j DROP'). There's

              also an geoip module available for iptables.<br>

            </p>

            <p>--<br>

              Marius<br>

            </p>

            <div>On 26.03.2020 12:16, Chip wrote:<br>

            </div>

            <blockquote type="cite">

              <div dir="ltr">

                <div>Hi</div>

                <div><br>

                </div>

                <div>Several questions below:<br>

                </div>

                <div><br>

                </div>

                <div>a) is it possible to block IP addresses on a per

                  mountpoint level e.g. my user with /mountpointA.ogg

                  does not mind being hammered by connections from

                  93.184.216.34 [<a href="http://example.com" target="_blank">example.com</a>]

                  but my user with /mountpointB.ogg wants to block that

                  IP address.</div>

                <div><br>

                </div>

                <div>b) is it possible to geoblock ranges of IP

                  addresses and whole countries on a per mountpoint

                  basis?</div>

                <div><br>

                </div>

                <div>c) what options do people use for geoblocking? I'm

                  on a VPS so ipset is currently not an option.</div>

                <div><br>

                </div>

                <div>Many thanks in advance</div>

                <div><br>

                </div>

                <div>Chip Scooter<br>

                </div>

              </div>

              <br>

              <fieldset></fieldset>

              <pre>_______________________________________________

Icecast mailing list

<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a>

<a href="http://lists.xiph.org/mailman/listinfo/icecast" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a>

</pre>

            </blockquote>

          </div>

          _______________________________________________<br>

          Icecast mailing list<br>

          <a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>

          <a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>

        </blockquote>

      </div>

      <br>

      <fieldset></fieldset>

      <pre>_______________________________________________

Icecast mailing list

<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a>

<a href="http://lists.xiph.org/mailman/listinfo/icecast" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a>

</pre>

    </blockquote>

  </div>

_______________________________________________<br>

Icecast mailing list<br>

<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>

<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>

</blockquote></div>