GeoIP rewite rule?, redirect CHINA users to an error page.

Cliff Wells cliff at
Mon Feb 15 08:40:03 MSK 2010

On Sun, 2010-02-14 at 20:45 -0500, CLIFFORD ILKAY wrote:
> On 02/14/2010 07:35 PM, Cliff Wells wrote:
> > On Sun, 2010-02-14 at 15:57 -0500, CLIFFORD ILKAY wrote:
> >>       ru no;
> >
> > ... and yet for some reason they run a Russian web server.
> We picked the server, not our client.

I was just enjoying the irony ;)

> > While I'm sympathetic to the motives, I've always found blocking entire
> > regions somewhat akin to securing a server by unplugging it from the
> > internet.
> There is no political motive for blocking Russia, or any other country. 
> It's purely practical, though I agree with you that such measures are 
> quite futile in keeping out bad guys for it would take them all of 30 
> seconds to defeat this scheme by using a proxy.

I've actually found it be worse than futile.  I used to block IP ranges
for various reasons until I decided that this not only robbed me of
valuable raw data about attacks, but more importantly, it robbed me of
motivation (and justification) to address actual problems, since they
instantly became orders of magnitude smaller.

Incidentally I'm not trying to lecture you, but I think this
conversation is worth having in this public forum as there are many
people who will read this at some future date, and without some
counter-argument, they might be led into thinking this is a good
solution to a security-related problem without considering all the
implications first.



More information about the nginx mailing list