Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to throttle the FCC to dial up modem speeds on your website using Nginx
# The blog post that started it all: https://neocities.org/blog/the-fcc-is-now-rate-limited
#
# Current known FCC address ranges:
# https://news.ycombinator.com/item?id=7716915
#
# Confirm/locate FCC IP ranges with this: http://whois.arin.net/rest/net/NET-165-135-0-0-1/pft
#
# In your nginx.conf:
location / {
if ( $remote_addr ~* 192.133.125.0/24 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 165.135.0.0/16 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 192.104.54.0/24 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 4.21.126.0/24 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 65.125.25.64/26 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 208.23.64.0/25 ) {
limit_rate 3k;
}
# put the serve files or proxy_pass code here.
}
@ecnepsnai

This comment has been minimized.

Show comment
Hide comment
@ecnepsnai

ecnepsnai May 9, 2014

Thank you for this, I've implemented it on all of my sites.

Thank you for this, I've implemented it on all of my sites.

@patrickcoombe

This comment has been minimized.

Show comment
Hide comment
@patrickcoombe

patrickcoombe May 9, 2014

oh those are some fun IP addresses to know :)

oh those are some fun IP addresses to know :)

@alexzeitgeist

This comment has been minimized.

Show comment
Hide comment
@alexzeitgeist

alexzeitgeist May 9, 2014

Nice. For performance reasons, and with an increasing number of IP ranges, this ought to be a map though. Example (untested):

map $remote_addr $throttle_fcc {
        default 0;
        192.133.125.0/24 1;
        165.135.0.0/16 1;
        192.104.54.0/24 1;
        4.21.126.0/24 1;
        65.125.25.64/26 1;
        208.23.64.0/25 1;
}

And then

location / {
    if ($throttle_fcc == 1) {
        limit_rate 3k;
    }
}

Nice. For performance reasons, and with an increasing number of IP ranges, this ought to be a map though. Example (untested):

map $remote_addr $throttle_fcc {
        default 0;
        192.133.125.0/24 1;
        165.135.0.0/16 1;
        192.104.54.0/24 1;
        4.21.126.0/24 1;
        65.125.25.64/26 1;
        208.23.64.0/25 1;
}

And then

location / {
    if ($throttle_fcc == 1) {
        limit_rate 3k;
    }
}
@heeton

This comment has been minimized.

Show comment
Hide comment
@heeton

heeton May 9, 2014

Should a simple header/corner banner be injected also?
Give people 5-min copy-paste job to set up their own throttled connection with an explanation.

heeton commented May 9, 2014

Should a simple header/corner banner be injected also?
Give people 5-min copy-paste job to set up their own throttled connection with an explanation.

@fallenby

This comment has been minimized.

Show comment
Hide comment
@fallenby

fallenby May 9, 2014

I think the slowed effect would annoy people enough as it is, perhaps having a larger impact.

fallenby commented May 9, 2014

I think the slowed effect would annoy people enough as it is, perhaps having a larger impact.

@davecb

This comment has been minimized.

Show comment
Hide comment
@davecb

davecb May 9, 2014

I recommend a big black overprint (;-))

davecb commented May 9, 2014

I recommend a big black overprint (;-))

@Olliepop

This comment has been minimized.

Show comment
Hide comment
@Olliepop

Olliepop May 9, 2014

This is beautiful. Implementing on my sites.

Olliepop commented May 9, 2014

This is beautiful. Implementing on my sites.

@FlipperPA

This comment has been minimized.

Show comment
Hide comment
@FlipperPA

FlipperPA May 9, 2014

Welp, I've got some work to do this weekend. Will post an Apache fork (yeah, I know).

Welp, I've got some work to do this weekend. Will post an Apache fork (yeah, I know).

@baughj

This comment has been minimized.

Show comment
Hide comment
@baughj

baughj May 9, 2014

Don't forget IPv6. :)

In addition, this is a better link to get all the networks associated with their OrgID: http://whois.arin.net/rest/org/FCC/nets

Also: http://whois.arin.net/rest/customer/C00544421 and http://whois.arin.net/rest/customer/C00578176 cover what look like some extremely old reassigned blocks (63.109.101.0/24 and 208.245.40.192/29).

baughj commented May 9, 2014

Don't forget IPv6. :)

In addition, this is a better link to get all the networks associated with their OrgID: http://whois.arin.net/rest/org/FCC/nets

Also: http://whois.arin.net/rest/customer/C00544421 and http://whois.arin.net/rest/customer/C00578176 cover what look like some extremely old reassigned blocks (63.109.101.0/24 and 208.245.40.192/29).

@kyledrake

This comment has been minimized.

Show comment
Hide comment
@kyledrake

kyledrake May 9, 2014

@alexzeitgeist Much better! I'll test that out in a little bit. @baughj I'll add them to the list, thanks.

Owner

kyledrake commented May 9, 2014

@alexzeitgeist Much better! I'll test that out in a little bit. @baughj I'll add them to the list, thanks.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost May 9, 2014

We've all seen the 'If Is Evil' page on the Nginx wiki, so can anyone estimate the performance hit for this? I'm all for throttling these morons but if it slows the server down for everyone, then the joke is on us.

ghost commented May 9, 2014

We've all seen the 'If Is Evil' page on the Nginx wiki, so can anyone estimate the performance hit for this? I'm all for throttling these morons but if it slows the server down for everyone, then the joke is on us.

@mykecameron

This comment has been minimized.

Show comment
Hide comment
@mykecameron

mykecameron May 9, 2014

It would be great to add the office networks for Comcast, Verizon, and other ISP's lobbying against regulation.

It would be great to add the office networks for Comcast, Verizon, and other ISP's lobbying against regulation.

@tlherr

This comment has been minimized.

Show comment
Hide comment
@tlherr

tlherr May 9, 2014

Well played

tlherr commented May 9, 2014

Well played

@JohnAllen

This comment has been minimized.

Show comment
Hide comment
@JohnAllen

JohnAllen May 9, 2014

A banner could say 'Our site appears to be getting rate-limited by the FCC', or something of the sort. Make people believe it's already happened and that slow sites are the future, instead of some only potential, distant problem. Then tell them this is what it WOULD be like. Then redirect/link to somewhere where they can sign a petition.

A banner could say 'Our site appears to be getting rate-limited by the FCC', or something of the sort. Make people believe it's already happened and that slow sites are the future, instead of some only potential, distant problem. Then tell them this is what it WOULD be like. Then redirect/link to somewhere where they can sign a petition.

@wesleytodd

This comment has been minimized.

Show comment
Hide comment
@wesleytodd

wesleytodd May 9, 2014

@mykecameron That is what I was thinking!! Anyone have those IP blocks?

@mykecameron That is what I was thinking!! Anyone have those IP blocks?

@mandb

This comment has been minimized.

Show comment
Hide comment
@mandb

mandb May 9, 2014

hard to put a banner on your site from within nginx... this gets the point across. I wish some big sites would enforce this... ars + techcrunch would be great.

mandb commented May 9, 2014

hard to put a banner on your site from within nginx... this gets the point across. I wish some big sites would enforce this... ars + techcrunch would be great.

@funkytaco

This comment has been minimized.

Show comment
Hide comment
@funkytaco

funkytaco May 9, 2014

Just for fun, some quasi code:

if ($_GET['throttle_fcc'] = 1) { showBanner("SLOW TRAFFIC KEEP RIGHT"); }

Just for fun, some quasi code:

if ($_GET['throttle_fcc'] = 1) { showBanner("SLOW TRAFFIC KEEP RIGHT"); }
@mattpavelle

This comment has been minimized.

Show comment
Hide comment
@mattpavelle

mattpavelle May 9, 2014

Fucking brilliant.

Fucking brilliant.

@niftyapple

This comment has been minimized.

Show comment
Hide comment
@niftyapple

niftyapple May 9, 2014

Waiting for Google to kick in here.

This will show how intelligent the FCC really is, given that they will be all attempting to use the search engine to find said knowledge. I doubt their response to any of our questions from here going forward will be very FAST! Dun Dun DuuuuuHHH!!!!

Waiting for Google to kick in here.

This will show how intelligent the FCC really is, given that they will be all attempting to use the search engine to find said knowledge. I doubt their response to any of our questions from here going forward will be very FAST! Dun Dun DuuuuuHHH!!!!

@thefotios

This comment has been minimized.

Show comment
Hide comment
@thefotios

thefotios May 9, 2014

Of maybe a better banner would be: "For increased speed, please make a donation to the EFF"

Of maybe a better banner would be: "For increased speed, please make a donation to the EFF"

@nfrm

This comment has been minimized.

Show comment
Hide comment
@nfrm

nfrm May 9, 2014

@alexzeitgeist the if statement should only have one equals.

eg:

location / {
    if ($throttle_fcc = 1) {
        limit_rate 3k;
    }
}

nfrm commented May 9, 2014

@alexzeitgeist the if statement should only have one equals.

eg:

location / {
    if ($throttle_fcc = 1) {
        limit_rate 3k;
    }
}
@razster

This comment has been minimized.

Show comment
Hide comment
@razster

razster May 9, 2014

Added and running, thank you.

razster commented May 9, 2014

Added and running, thank you.

@m1

This comment has been minimized.

Show comment
Hide comment
@tbrooks007

This comment has been minimized.

Show comment
Hide comment
@tbrooks007

tbrooks007 May 9, 2014

Well played sir... golf clap

Well played sir... golf clap

@andrewpurkett

This comment has been minimized.

Show comment
Hide comment
@andrewpurkett

andrewpurkett May 9, 2014

Overheard: "127.0.0.1 is where the heart is, but the 0.0.0.0 is made of latinum."

Money talks

Overheard: "127.0.0.1 is where the heart is, but the 0.0.0.0 is made of latinum."

Money talks

@Grandt

This comment has been minimized.

Show comment
Hide comment
@Grandt

Grandt May 9, 2014

What is Comcast's ranges?

Grandt commented May 9, 2014

What is Comcast's ranges?

@retr0h

This comment has been minimized.

Show comment
Hide comment

retr0h commented May 9, 2014

@loisaidasam

This comment has been minimized.

Show comment
Hide comment

👍

@bdmorin

This comment has been minimized.

Show comment
Hide comment
@bdmorin

bdmorin May 9, 2014

As a disgruntled (and optionless) Comcast customer, I would be perfectly fine if Google did this to all Comcast networks.

bdmorin commented May 9, 2014

As a disgruntled (and optionless) Comcast customer, I would be perfectly fine if Google did this to all Comcast networks.

@professordino

This comment has been minimized.

Show comment
Hide comment
@professordino

professordino May 9, 2014

This made my Friday.

This made my Friday.

@rjonesx

This comment has been minimized.

Show comment
Hide comment
@rjonesx

rjonesx May 9, 2014

We need an apache 2.2 version :-( wish I knew how to code it.

rjonesx commented May 9, 2014

We need an apache 2.2 version :-( wish I knew how to code it.

@teichopsia

This comment has been minimized.

Show comment
Hide comment
@teichopsia

teichopsia May 9, 2014

  1. should be geo to actually match cidrs. you regex hostnames not cidrs.
  2. use bra to reduce memory footprint.
  3. this one depends on your strategy. I prefer to limit requests (and connections but trickier) vs rates after connection.
  4. let's get serious and send the fcc back to 1993 on the rate
http {
        geo $fccjail {
                default 0;
                192.133.125.0/24 1;
                165.135.0.0/16 1;
                192.104.54.0/24 1;
                4.21.126.0/24 1;
                65.125.25.64/26 1;
                208.23.64.0/25 1;
                2620:0:610::/48 1;
                2600:803:230::/48 1;
        }
        limit_req_zone $binary_remote_addr zone=fccjailreq:8m rate=5r/s;
        limit_req zone=fccjailreq burst=5 nodelay;
}

@kehlarn

  1. should be geo to actually match cidrs. you regex hostnames not cidrs.
  2. use bra to reduce memory footprint.
  3. this one depends on your strategy. I prefer to limit requests (and connections but trickier) vs rates after connection.
  4. let's get serious and send the fcc back to 1993 on the rate
http {
        geo $fccjail {
                default 0;
                192.133.125.0/24 1;
                165.135.0.0/16 1;
                192.104.54.0/24 1;
                4.21.126.0/24 1;
                65.125.25.64/26 1;
                208.23.64.0/25 1;
                2620:0:610::/48 1;
                2600:803:230::/48 1;
        }
        limit_req_zone $binary_remote_addr zone=fccjailreq:8m rate=5r/s;
        limit_req zone=fccjailreq burst=5 nodelay;
}

@kehlarn

@BrentW

This comment has been minimized.

Show comment
Hide comment
@BrentW

BrentW May 9, 2014

So proud for neocities.

BrentW commented May 9, 2014

So proud for neocities.

@pthurmond

This comment has been minimized.

Show comment
Hide comment
@pthurmond

pthurmond May 9, 2014

I only wish we could do this to every computer and device that anyone in management or at any level of decision making beyond peon at the FCC uses. Home, work, mobile, all of it. Then make them paid for tiered speedups. Cost $10 per month per 100Kbps.

I only wish we could do this to every computer and device that anyone in management or at any level of decision making beyond peon at the FCC uses. Home, work, mobile, all of it. Then make them paid for tiered speedups. Cost $10 per month per 100Kbps.

@kyledrake

This comment has been minimized.

Show comment
Hide comment
@kyledrake

kyledrake May 9, 2014

@teichopsia Can you show how I can make that work with 3kb rate limit?

Owner

kyledrake commented May 9, 2014

@teichopsia Can you show how I can make that work with 3kb rate limit?

@ross

This comment has been minimized.

Show comment
Hide comment
@ross

ross May 9, 2014

like the idea. would be nice to include congress and probably the supreme court as well. likely the best way to get the point across, especially if central sites like google and netflix participated.

ross commented May 9, 2014

like the idea. would be nice to include congress and probably the supreme court as well. likely the best way to get the point across, especially if central sites like google and netflix participated.

@ryanbeymer

This comment has been minimized.

Show comment
Hide comment
@ryanbeymer

ryanbeymer May 9, 2014

great idea.

great idea.

@KevinKoleckar

This comment has been minimized.

Show comment
Hide comment
@KevinKoleckar

KevinKoleckar May 9, 2014

This is a peaceful protest I can get behind.

This is a peaceful protest I can get behind.

@dilijev

This comment has been minimized.

Show comment
Hide comment
@dilijev

dilijev May 10, 2014

@ross I was going to say that might be illegal, but then I realized, it must not be, since this law is up for grabs, and if they are annoyed enough to make it illegal, mission accomplished.

DO. IT.

dilijev commented May 10, 2014

@ross I was going to say that might be illegal, but then I realized, it must not be, since this law is up for grabs, and if they are annoyed enough to make it illegal, mission accomplished.

DO. IT.

@rec9140

This comment has been minimized.

Show comment
Hide comment
@rec9140

rec9140 May 10, 2014

Any chance of a port to Litespeed???? Please?? Or can this be dumped into litespeed since its "supposed" to be "drop in" for Apache...I've seen the Apache fork... but I found out that my newest box uses Litespeed v. Apache :( :(

Any chance for Litespeed???

Thanks.

rec9140 commented May 10, 2014

Any chance of a port to Litespeed???? Please?? Or can this be dumped into litespeed since its "supposed" to be "drop in" for Apache...I've seen the Apache fork... but I found out that my newest box uses Litespeed v. Apache :( :(

Any chance for Litespeed???

Thanks.

@DamnInteresting

This comment has been minimized.

Show comment
Hide comment
@DamnInteresting

DamnInteresting May 10, 2014

For developers on LAMP stacks I offer the following .htaccess rules:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^192\.133\.125\. [OR]
RewriteCond %{REMOTE_ADDR} ^165\.135\. [OR]
RewriteCond %{REMOTE_ADDR} ^192\.104\.54\. [OR]
RewriteCond %{REMOTE_ADDR} ^4\.21\.126\. [OR]
RewriteCond %{REMOTE_ADDR} ^65\.125\.25\.(6[4-9]|[7-9]\d|10\d|11\d|12[0-7])$ [OR]
RewriteCond %{REMOTE_ADDR} ^208\.23\.64\.(\d|\d\d|11\d|12[0-7])$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^192\.133\.125\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^165\.135\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^192\.104\.54\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^4\.21\.126\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^65\.125\.25\.(6[4-9]|[7-9]\d|10\d|11\d|12[0-7])$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^208\.23\.64\.(\d|\d\d|11\d|12[0-7])$
RewriteRule ^(.*)$ /throttle.php?rate=3000 [L,QSA]
</IfModule>

...where in this example throttle.php is a script that perhaps uses a combination of ob_start(), ob_get_clean() and sleep() to dribble the output. If you use the sleep() approach, be sure to use set_time_limit() to set a long execution time if you don't want PHP to exit at the default 30 seconds.

For developers on LAMP stacks I offer the following .htaccess rules:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^192\.133\.125\. [OR]
RewriteCond %{REMOTE_ADDR} ^165\.135\. [OR]
RewriteCond %{REMOTE_ADDR} ^192\.104\.54\. [OR]
RewriteCond %{REMOTE_ADDR} ^4\.21\.126\. [OR]
RewriteCond %{REMOTE_ADDR} ^65\.125\.25\.(6[4-9]|[7-9]\d|10\d|11\d|12[0-7])$ [OR]
RewriteCond %{REMOTE_ADDR} ^208\.23\.64\.(\d|\d\d|11\d|12[0-7])$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^192\.133\.125\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^165\.135\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^192\.104\.54\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^4\.21\.126\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^65\.125\.25\.(6[4-9]|[7-9]\d|10\d|11\d|12[0-7])$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^208\.23\.64\.(\d|\d\d|11\d|12[0-7])$
RewriteRule ^(.*)$ /throttle.php?rate=3000 [L,QSA]
</IfModule>

...where in this example throttle.php is a script that perhaps uses a combination of ob_start(), ob_get_clean() and sleep() to dribble the output. If you use the sleep() approach, be sure to use set_time_limit() to set a long execution time if you don't want PHP to exit at the default 30 seconds.

@xy0

This comment has been minimized.

Show comment
Hide comment
@xy0

xy0 May 10, 2014

^Thanks, I am the webmaster for a hosting company and will employ this immediately.

xy0 commented May 10, 2014

^Thanks, I am the webmaster for a hosting company and will employ this immediately.

@xyntrix

This comment has been minimized.

Show comment
Hide comment
@xyntrix

xyntrix May 10, 2014

Just to confirm.. aren't these the public IPs for FCC in-bound services and what not? Are FCC employees actually sourcing connections out from behind these IPs (eg, their phone, home, or office connection)?

This would be like throttling the IP(s) for www.google.com to give Google employees a bad time -- right? Does anyone have access logs showing traffic from these IPs?

xyntrix commented May 10, 2014

Just to confirm.. aren't these the public IPs for FCC in-bound services and what not? Are FCC employees actually sourcing connections out from behind these IPs (eg, their phone, home, or office connection)?

This would be like throttling the IP(s) for www.google.com to give Google employees a bad time -- right? Does anyone have access logs showing traffic from these IPs?

@imseanbrown

This comment has been minimized.

Show comment
Hide comment
@imseanbrown

imseanbrown May 10, 2014

FYI: FCC has a few more IP addresses than above:

This from ARIN.NET (the people who assign NA IP addresses):

FCC (NET-165-135-0-0-1) 165.135.0.0 - 165.135.255.255
FCCNET2 (NET-192-133-125-0-1) 192.133.125.0 - 192.133.125.255
FCCNET (NET-192-104-54-0-1) 192.104.54.0 - 192.104.54.255
FCC2-126-30 (NET-4-21-126-0-1) 4.21.126.0 - 4.21.126.255
FCC (NET6-2620-610-1) 2620:0:610:: - 2620:0:610:FFFF:FFFF:FFFF:FFFF:FFFF
SPRINTLINK (NET-208-23-64-0-1) 208.23.64.0 - 208.23.64.127
TBD (NET6-2600-803-230-1) 2600:803:230:: - 2600:803:230:FFFF:FFFF:FFFF:FFFF:FFFF
Q0503-65-125-25-64 (NET-65-125-25-64-1) 65.125.25.64 - 65.125.25.127
SPRINTLINK (NET-208-31-254-128-1) 208.31.254.128 - 208.31.254.255

However - in my 15+ years in telecommunications, it entirely too easy to source from a different subnet not listed here. Unfortunately as xyntrix said, web logs will tell the tale of where the source is coming from.

(my two cents) - while this is a SPECTACULAR idea, it won't last long as subnets and source IP's can be added to their servers and NOT added to the FCC's AS/BGP announcements.

Good luck guys!
Sean
http://www.sleepyshark.com

FYI: FCC has a few more IP addresses than above:

This from ARIN.NET (the people who assign NA IP addresses):

FCC (NET-165-135-0-0-1) 165.135.0.0 - 165.135.255.255
FCCNET2 (NET-192-133-125-0-1) 192.133.125.0 - 192.133.125.255
FCCNET (NET-192-104-54-0-1) 192.104.54.0 - 192.104.54.255
FCC2-126-30 (NET-4-21-126-0-1) 4.21.126.0 - 4.21.126.255
FCC (NET6-2620-610-1) 2620:0:610:: - 2620:0:610:FFFF:FFFF:FFFF:FFFF:FFFF
SPRINTLINK (NET-208-23-64-0-1) 208.23.64.0 - 208.23.64.127
TBD (NET6-2600-803-230-1) 2600:803:230:: - 2600:803:230:FFFF:FFFF:FFFF:FFFF:FFFF
Q0503-65-125-25-64 (NET-65-125-25-64-1) 65.125.25.64 - 65.125.25.127
SPRINTLINK (NET-208-31-254-128-1) 208.31.254.128 - 208.31.254.255

However - in my 15+ years in telecommunications, it entirely too easy to source from a different subnet not listed here. Unfortunately as xyntrix said, web logs will tell the tale of where the source is coming from.

(my two cents) - while this is a SPECTACULAR idea, it won't last long as subnets and source IP's can be added to their servers and NOT added to the FCC's AS/BGP announcements.

Good luck guys!
Sean
http://www.sleepyshark.com

@rbowen

This comment has been minimized.

Show comment
Hide comment
@rbowen

rbowen May 10, 2014

No need for mod rewrite and icky php scripts. mod_ratelimit does this. http://httpd.apache.org/docs/current/mod/mod_ratelimit.html

rbowen commented May 10, 2014

No need for mod rewrite and icky php scripts. mod_ratelimit does this. http://httpd.apache.org/docs/current/mod/mod_ratelimit.html

@pdp7

This comment has been minimized.

Show comment
Hide comment
@pdp7

pdp7 May 10, 2014

applause

pdp7 commented May 10, 2014

applause

@karel1980

This comment has been minimized.

Show comment
Hide comment
@karel1980

karel1980 May 10, 2014

Would have been nice if Netflix did this with Comcast customers. Instead of paying Comcast for doing what its customers already pay them for, have them pay to keep their own customers happy. (I realise they couldn't have because monopoly and not wanting to be the bad guy, but still, one can dream...)

Would have been nice if Netflix did this with Comcast customers. Instead of paying Comcast for doing what its customers already pay them for, have them pay to keep their own customers happy. (I realise they couldn't have because monopoly and not wanting to be the bad guy, but still, one can dream...)

@indolering

This comment has been minimized.

Show comment
Hide comment
@indolering

indolering May 10, 2014

There has to be a way to emulate this in JS. Then we could make a Cloudflare app....

There has to be a way to emulate this in JS. Then we could make a Cloudflare app....

@f4bio

This comment has been minimized.

Show comment
Hide comment
@f4bio

f4bio May 10, 2014

for sake of completness, lighttpd version: https://gist.github.com/ft11/34fb1974eb5aff8a36fd

f4bio commented May 10, 2014

for sake of completness, lighttpd version: https://gist.github.com/ft11/34fb1974eb5aff8a36fd

@AfterCredits

This comment has been minimized.

Show comment
Hide comment
@AfterCredits

AfterCredits May 10, 2014

Sorry for the n00b question...

My site is WordPress powered hosted on GoDaddy. Any idea how to implement this? Or if someone can make a plugin like the SOPA blackout one, that would be awesome!

Sorry for the n00b question...

My site is WordPress powered hosted on GoDaddy. Any idea how to implement this? Or if someone can make a plugin like the SOPA blackout one, that would be awesome!

@PowerFist

This comment has been minimized.

Show comment
Hide comment
@PowerFist

PowerFist May 11, 2014

Thank you for this, implementing it directly. Logic will prevail.

Thank you for this, implementing it directly. Logic will prevail.

@jedsmith

This comment has been minimized.

Show comment
Hide comment
@jedsmith

jedsmith May 11, 2014

I look forward to these ranges being reassigned, then all of you forgetting this shit in your long, crusty configuration file, then spending four days trying to figure out why only $isp customers in $region can't do shit with your site.

Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.

(Also, the Apache 12-regexes-per-request to a PHP script that calls sleep() is my personal favorite. In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)

I look forward to these ranges being reassigned, then all of you forgetting this shit in your long, crusty configuration file, then spending four days trying to figure out why only $isp customers in $region can't do shit with your site.

Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.

(Also, the Apache 12-regexes-per-request to a PHP script that calls sleep() is my personal favorite. In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)

@aardvark857

This comment has been minimized.

Show comment
Hide comment
@aardvark857

aardvark857 May 11, 2014

Not tested and could use some improvements. I'll make a better version and post tomorrow.

= ip2long("192.133.125.0") && $ip <= ip2long("192.133.125.24") ) || ( $ip >= ip2long("165.135.0.0") && $ip <= ip2long("165.135.0.16") ) || ( $ip >= ip2long("192.104.54.0") && $ip <= ip2long("192.104.54.24") ) || ( $ip >= ip2long("4.21.126.0") && $ip <= ip2long("4.21.126.0/24") ) || ( $ip >= ip2long("65.125.25.26") && $ip <= ip2long("65.125.25.64") ) || ( $ip >= ip2long("208.23.64.0") && $ip <= ip2long("208.23.64.25") )) { //Redirect to some horrible site. You need to change the last line for this script to work. header("Location: lemonparty.org || meatspin.cc || someOtherHorribleSite.whatevs"); die(); } ?>

Not tested and could use some improvements. I'll make a better version and post tomorrow.

= ip2long("192.133.125.0") && $ip <= ip2long("192.133.125.24") ) || ( $ip >= ip2long("165.135.0.0") && $ip <= ip2long("165.135.0.16") ) || ( $ip >= ip2long("192.104.54.0") && $ip <= ip2long("192.104.54.24") ) || ( $ip >= ip2long("4.21.126.0") && $ip <= ip2long("4.21.126.0/24") ) || ( $ip >= ip2long("65.125.25.26") && $ip <= ip2long("65.125.25.64") ) || ( $ip >= ip2long("208.23.64.0") && $ip <= ip2long("208.23.64.25") )) { //Redirect to some horrible site. You need to change the last line for this script to work. header("Location: lemonparty.org || meatspin.cc || someOtherHorribleSite.whatevs"); die(); } ?>
@m1

This comment has been minimized.

Show comment
Hide comment
@m1

m1 May 11, 2014

@jedsmith

Apache 12-regexes-per-request
In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)

Can't tell if this is a joke or pure idiocy. Also this made me laugh:

Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.

m1 commented May 11, 2014

@jedsmith

Apache 12-regexes-per-request
In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)

Can't tell if this is a joke or pure idiocy. Also this made me laugh:

Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.

@handelaar

This comment has been minimized.

Show comment
Hide comment
@handelaar

handelaar May 12, 2014

@m1 Pay no heed. Apple's employees know everything about everything.

@m1 Pay no heed. Apple's employees know everything about everything.

@jdorfman

This comment has been minimized.

Show comment
Hide comment
@jdorfman

jdorfman May 12, 2014

Genius.

FWIW: If you are a MaxCDN customer you can enable this in the CP: http://blog.maxcdn.com/throttle-fcc-fight-net-neutrality/

Genius.

FWIW: If you are a MaxCDN customer you can enable this in the CP: http://blog.maxcdn.com/throttle-fcc-fight-net-neutrality/

@flipflopsimsommer

This comment has been minimized.

Show comment
Hide comment
@wasnertobias

This comment has been minimized.

Show comment
Hide comment

+1

@Danw33

This comment has been minimized.

Show comment
Hide comment
@Danw33

Danw33 May 21, 2014

Brilliant! Implementing this on all of my sites...

Danw33 commented May 21, 2014

Brilliant! Implementing this on all of my sites...

@JCron245

This comment has been minimized.

Show comment
Hide comment
@JCron245

JCron245 Dec 14, 2017

Anyone implemented this recently?

Anyone implemented this recently?

@Serkan-devel

This comment has been minimized.

Show comment
Hide comment
@Serkan-devel

Serkan-devel Apr 8, 2018

Are those IP-ranges still correct?

Are those IP-ranges still correct?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment