12 messages in ru.sysoev.nginxRe: GeoIP rewite rule?, redirect CHIN...| From | Sent On | Attachments |
|---|---|---|
| David Taveras | Feb 13, 2010 9:05 pm | |
| David Taveras | Feb 13, 2010 9:15 pm | |
| Jim Ohlstein | Feb 13, 2010 9:20 pm | |
| CLIFFORD ILKAY | Feb 14, 2010 12:56 pm | |
| Cliff Wells | Feb 14, 2010 4:35 pm | |
| CLIFFORD ILKAY | Feb 14, 2010 5:45 pm | |
| Todd Fisher | Feb 14, 2010 7:18 pm | |
| CLIFFORD ILKAY | Feb 14, 2010 7:55 pm | |
| Cliff Wells | Feb 14, 2010 9:39 pm | |
| Cliff Wells | Feb 14, 2010 9:44 pm | |
| CLIFFORD ILKAY | Feb 14, 2010 10:26 pm | |
| Jim Ohlstein | Feb 15, 2010 6:27 am |
| Subject: | Re: GeoIP rewite rule?, redirect CHINA users to an error page. | |
|---|---|---|
| From: | Cliff Wells (cli...@develix.com) | |
| Date: | Feb 14, 2010 9:39:40 pm | |
| List: | ru.sysoev.nginx | |
On Sun, 2010-02-14 at 20:45 -0500, CLIFFORD ILKAY wrote:
On 02/14/2010 07:35 PM, Cliff Wells wrote:
On Sun, 2010-02-14 at 15:57 -0500, CLIFFORD ILKAY wrote:
ru no;
... and yet for some reason they run a Russian web server.
We picked the server, not our client.
I was just enjoying the irony ;)
While I'm sympathetic to the motives, I've always found blocking entire regions somewhat akin to securing a server by unplugging it from the internet.
There is no political motive for blocking Russia, or any other country. It's purely practical, though I agree with you that such measures are quite futile in keeping out bad guys for it would take them all of 30 seconds to defeat this scheme by using a proxy.
I've actually found it be worse than futile. I used to block IP ranges for various reasons until I decided that this not only robbed me of valuable raw data about attacks, but more importantly, it robbed me of motivation (and justification) to address actual problems, since they instantly became orders of magnitude smaller.
Incidentally I'm not trying to lecture you, but I think this conversation is worth having in this public forum as there are many people who will read this at some future date, and without some counter-argument, they might be led into thinking this is a good solution to a security-related problem without considering all the implications first.
Regards, Cliff
_______________________________________________ nginx mailing list ngi...@nginx.org http://nginx.org/mailman/listinfo/nginx