<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Ah,</p>
<p>I must have overlooked that requirement in my first reply. I
don't think you can do it natively in Icecast, and doing this in
the kernel will be too low level and too wide a block, so I guess
a web application firewall or a reverse proxy is the way to go.
Maybe setting up HAproxy or similar could solve this?</p>
<p>--<br>
Marius<br>
</p>
On 26.03.2020 13:49, Chip wrote:<br>
<blockquote type="cite"
cite="mid:CAKCymP0NAKPUm4CUKGEb+NLfu=XKK0JT5pUHvKKLJu9DJgd9ow@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Thanks.</div>
<div><br>
</div>
<div>Indeed - but is it it possible to block IP addresses on a
per mountpoint level? For example, my user with
/mountpointA.ogg does not mind being hammered by connections
from 93.184.216.34 [<a href="http://example.com"
target="_blank" moz-do-not-send="true">example.com</a>] but
my user with /mountpointB.ogg wants to block that IP address.</div>
<div>
<div><br>
</div>
<div>Using iptables I've blocked connections, at a server
level, from <a href="http://example.com"
moz-do-not-send="true">example.com</a> for my User B but
my User A doesn't mind their connection being probed once
per minute 24/7/365 by a badly-configured player from that
IP address.</div>
<div><br>
</div>
<div>Thank you</div>
<div><br>
</div>
<div>Chip Scooter<br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, 26 Mar 2020 at 11:30,
Marius Flage <<a href="mailto:marius@flage.org"
moz-do-not-send="true">marius@flage.org</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>I believe the easiest is just to do this using iptables
('iptables -A INPUT -s 93.184.216.34 -j DROP'). There's
also an geoip module available for iptables.<br>
</p>
<p>--<br>
Marius<br>
</p>
<div>On 26.03.2020 12:16, Chip wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi</div>
<div><br>
</div>
<div>Several questions below:<br>
</div>
<div><br>
</div>
<div>a) is it possible to block IP addresses on a per
mountpoint level e.g. my user with /mountpointA.ogg
does not mind being hammered by connections from
93.184.216.34 [<a href="http://example.com"
target="_blank" moz-do-not-send="true">example.com</a>]
but my user with /mountpointB.ogg wants to block that
IP address.</div>
<div><br>
</div>
<div>b) is it possible to geoblock ranges of IP
addresses and whole countries on a per mountpoint
basis?</div>
<div><br>
</div>
<div>c) what options do people use for geoblocking? I'm
on a VPS so ipset is currently not an option.</div>
<div><br>
</div>
<div>Many thanks in advance</div>
<div><br>
</div>
<div>Chip Scooter<br>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Icecast mailing list
<a href="mailto:Icecast@xiph.org" target="_blank" moz-do-not-send="true">Icecast@xiph.org</a>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" target="_blank" moz-do-not-send="true">http://lists.xiph.org/mailman/listinfo/icecast</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org" target="_blank"
moz-do-not-send="true">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Icecast mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Icecast@xiph.org">Icecast@xiph.org</a>
<a class="moz-txt-link-freetext" href="http://lists.xiph.org/mailman/listinfo/icecast">http://lists.xiph.org/mailman/listinfo/icecast</a>
</pre>
</blockquote>
</body>
</html>