# The blog post that started it all: https://neocities.org/blog/the-fcc-is-now-rate-limited | |
# | |
# Current known FCC address ranges: | |
# https://news.ycombinator.com/item?id=7716915 | |
# | |
# Confirm/locate FCC IP ranges with this: http://whois.arin.net/rest/net/NET-165-135-0-0-1/pft | |
# | |
# In your nginx.conf: | |
location / { | |
if ( $remote_addr ~* 192.133.125.0/24 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 165.135.0.0/16 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 192.104.54.0/24 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 4.21.126.0/24 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 65.125.25.64/26 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 208.23.64.0/25 ) { | |
limit_rate 3k; | |
} | |
# put the serve files or proxy_pass code here. | |
} |
This comment has been minimized.
This comment has been minimized.
oh those are some fun IP addresses to know :) |
This comment has been minimized.
This comment has been minimized.
Nice. For performance reasons, and with an increasing number of IP ranges, this ought to be a map though. Example (untested):
And then
|
This comment has been minimized.
This comment has been minimized.
Should a simple header/corner banner be injected also? |
This comment has been minimized.
This comment has been minimized.
I think the slowed effect would annoy people enough as it is, perhaps having a larger impact. |
This comment has been minimized.
This comment has been minimized.
I recommend a big black overprint (;-)) |
This comment has been minimized.
This comment has been minimized.
This is beautiful. Implementing on my sites. |
This comment has been minimized.
This comment has been minimized.
Welp, I've got some work to do this weekend. Will post an Apache fork (yeah, I know). |
This comment has been minimized.
This comment has been minimized.
Don't forget IPv6. :) In addition, this is a better link to get all the networks associated with their OrgID: http://whois.arin.net/rest/org/FCC/nets Also: http://whois.arin.net/rest/customer/C00544421 and http://whois.arin.net/rest/customer/C00578176 cover what look like some extremely old reassigned blocks (63.109.101.0/24 and 208.245.40.192/29). |
This comment has been minimized.
This comment has been minimized.
@alexzeitgeist Much better! I'll test that out in a little bit. @baughj I'll add them to the list, thanks. |
This comment has been minimized.
This comment has been minimized.
We've all seen the 'If Is Evil' page on the Nginx wiki, so can anyone estimate the performance hit for this? I'm all for throttling these morons but if it slows the server down for everyone, then the joke is on us. |
This comment has been minimized.
This comment has been minimized.
It would be great to add the office networks for Comcast, Verizon, and other ISP's lobbying against regulation. |
This comment has been minimized.
This comment has been minimized.
Well played |
This comment has been minimized.
This comment has been minimized.
A banner could say 'Our site appears to be getting rate-limited by the FCC', or something of the sort. Make people believe it's already happened and that slow sites are the future, instead of some only potential, distant problem. Then tell them this is what it WOULD be like. Then redirect/link to somewhere where they can sign a petition. |
This comment has been minimized.
This comment has been minimized.
@mykecameron That is what I was thinking!! Anyone have those IP blocks? |
This comment has been minimized.
This comment has been minimized.
hard to put a banner on your site from within nginx... this gets the point across. I wish some big sites would enforce this... ars + techcrunch would be great. |
This comment has been minimized.
This comment has been minimized.
Just for fun, some quasi code:
|
This comment has been minimized.
This comment has been minimized.
Fucking brilliant. |
This comment has been minimized.
This comment has been minimized.
Waiting for Google to kick in here. This will show how intelligent the FCC really is, given that they will be all attempting to use the search engine to find said knowledge. I doubt their response to any of our questions from here going forward will be very FAST! Dun Dun DuuuuuHHH!!!! |
This comment has been minimized.
This comment has been minimized.
Of maybe a better banner would be: "For increased speed, please make a donation to the EFF" |
This comment has been minimized.
This comment has been minimized.
@alexzeitgeist the if statement should only have one equals. eg:
|
This comment has been minimized.
This comment has been minimized.
Added and running, thank you. |
This comment has been minimized.
This comment has been minimized.
Ported to apache https://gist.github.com/m1/e5f1f190ba309b500f0a |
This comment has been minimized.
This comment has been minimized.
Well played sir... golf clap |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
What is Comcast's ranges? |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
This comment has been minimized.
This comment has been minimized.
As a disgruntled (and optionless) Comcast customer, I would be perfectly fine if Google did this to all Comcast networks. |
This comment has been minimized.
This comment has been minimized.
This made my Friday. |
This comment has been minimized.
This comment has been minimized.
We need an apache 2.2 version :-( wish I knew how to code it. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
http {
geo $fccjail {
default 0;
192.133.125.0/24 1;
165.135.0.0/16 1;
192.104.54.0/24 1;
4.21.126.0/24 1;
65.125.25.64/26 1;
208.23.64.0/25 1;
2620:0:610::/48 1;
2600:803:230::/48 1;
}
limit_req_zone $binary_remote_addr zone=fccjailreq:8m rate=5r/s;
limit_req zone=fccjailreq burst=5 nodelay;
} |
This comment has been minimized.
This comment has been minimized.
So proud for neocities. |
This comment has been minimized.
This comment has been minimized.
I only wish we could do this to every computer and device that anyone in management or at any level of decision making beyond peon at the FCC uses. Home, work, mobile, all of it. Then make them paid for tiered speedups. Cost $10 per month per 100Kbps. |
This comment has been minimized.
This comment has been minimized.
@teichopsia Can you show how I can make that work with 3kb rate limit? |
This comment has been minimized.
This comment has been minimized.
like the idea. would be nice to include congress and probably the supreme court as well. likely the best way to get the point across, especially if central sites like google and netflix participated. |
This comment has been minimized.
This comment has been minimized.
great idea. |
This comment has been minimized.
This comment has been minimized.
This is a peaceful protest I can get behind. |
This comment has been minimized.
This comment has been minimized.
@ross I was going to say that might be illegal, but then I realized, it must not be, since this law is up for grabs, and if they are annoyed enough to make it illegal, mission accomplished. DO. IT. |
This comment has been minimized.
This comment has been minimized.
Any chance of a port to Litespeed???? Please?? Or can this be dumped into litespeed since its "supposed" to be "drop in" for Apache...I've seen the Apache fork... but I found out that my newest box uses Litespeed v. Apache :( :( Any chance for Litespeed??? Thanks. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
For developers on LAMP stacks I offer the following .htaccess rules:
...where in this example throttle.php is a script that perhaps uses a combination of ob_start(), ob_get_clean() and sleep() to dribble the output. If you use the sleep() approach, be sure to use set_time_limit() to set a long execution time if you don't want PHP to exit at the default 30 seconds. |
This comment has been minimized.
This comment has been minimized.
^Thanks, I am the webmaster for a hosting company and will employ this immediately. |
This comment has been minimized.
This comment has been minimized.
Just to confirm.. aren't these the public IPs for FCC in-bound services and what not? Are FCC employees actually sourcing connections out from behind these IPs (eg, their phone, home, or office connection)? This would be like throttling the IP(s) for www.google.com to give Google employees a bad time -- right? Does anyone have access logs showing traffic from these IPs? |
This comment has been minimized.
This comment has been minimized.
FYI: FCC has a few more IP addresses than above: This from ARIN.NET (the people who assign NA IP addresses): FCC (NET-165-135-0-0-1) 165.135.0.0 - 165.135.255.255 However - in my 15+ years in telecommunications, it entirely too easy to source from a different subnet not listed here. Unfortunately as xyntrix said, web logs will tell the tale of where the source is coming from. (my two cents) - while this is a SPECTACULAR idea, it won't last long as subnets and source IP's can be added to their servers and NOT added to the FCC's AS/BGP announcements. Good luck guys! |
This comment has been minimized.
This comment has been minimized.
No need for mod rewrite and icky php scripts. mod_ratelimit does this. http://httpd.apache.org/docs/current/mod/mod_ratelimit.html |
This comment has been minimized.
This comment has been minimized.
applause |
This comment has been minimized.
This comment has been minimized.
Would have been nice if Netflix did this with Comcast customers. Instead of paying Comcast for doing what its customers already pay them for, have them pay to keep their own customers happy. (I realise they couldn't have because monopoly and not wanting to be the bad guy, but still, one can dream...) |
This comment has been minimized.
This comment has been minimized.
There has to be a way to emulate this in JS. Then we could make a Cloudflare app.... |
This comment has been minimized.
This comment has been minimized.
for sake of completness, lighttpd version: https://gist.github.com/ft11/34fb1974eb5aff8a36fd |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Sorry for the n00b question... My site is WordPress powered hosted on GoDaddy. Any idea how to implement this? Or if someone can make a plugin like the SOPA blackout one, that would be awesome! |
This comment has been minimized.
This comment has been minimized.
Thank you for this, implementing it directly. Logic will prevail. |
This comment has been minimized.
This comment has been minimized.
I look forward to these ranges being reassigned, then all of you forgetting this shit in your long, crusty configuration file, then spending four days trying to figure out why only $isp customers in $region can't do shit with your site. Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind. (Also, the Apache 12-regexes-per-request to a PHP script that calls |
This comment has been minimized.
This comment has been minimized.
Not tested and could use some improvements. I'll make a better version and post tomorrow. = ip2long("192.133.125.0") && $ip <= ip2long("192.133.125.24") ) || ( $ip >= ip2long("165.135.0.0") && $ip <= ip2long("165.135.0.16") ) || ( $ip >= ip2long("192.104.54.0") && $ip <= ip2long("192.104.54.24") ) || ( $ip >= ip2long("4.21.126.0") && $ip <= ip2long("4.21.126.0/24") ) || ( $ip >= ip2long("65.125.25.26") && $ip <= ip2long("65.125.25.64") ) || ( $ip >= ip2long("208.23.64.0") && $ip <= ip2long("208.23.64.25") )) { //Redirect to some horrible site. You need to change the last line for this script to work. header("Location: lemonparty.org || meatspin.cc || someOtherHorribleSite.whatevs"); die(); } ?> |
This comment has been minimized.
This comment has been minimized.
Can't tell if this is a joke or pure idiocy. Also this made me laugh:
|
This comment has been minimized.
This comment has been minimized.
@m1 Pay no heed. Apple's employees know everything about everything. |
This comment has been minimized.
This comment has been minimized.
Genius. FWIW: If you are a MaxCDN customer you can enable this in the CP: http://blog.maxcdn.com/throttle-fcc-fight-net-neutrality/ |
This comment has been minimized.
This comment has been minimized.
|
This comment has been minimized.
This comment has been minimized.
+1 |
This comment has been minimized.
This comment has been minimized.
Brilliant! Implementing this on all of my sites... |
This comment has been minimized.
This comment has been minimized.
Anyone implemented this recently? |
This comment has been minimized.
This comment has been minimized.
Are those IP-ranges still correct? |
This comment has been minimized.
Thank you for this, I've implemented it on all of my sites.