Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to throttle the FCC to dial up modem speeds on your website using Nginx
# The blog post that started it all: https://neocities.org/blog/the-fcc-is-now-rate-limited
#
# Current known FCC address ranges:
# https://news.ycombinator.com/item?id=7716915
#
# Confirm/locate FCC IP ranges with this: http://whois.arin.net/rest/net/NET-165-135-0-0-1/pft
#
# In your nginx.conf:
location / {
if ( $remote_addr ~* 192.133.125.0/24 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 165.135.0.0/16 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 192.104.54.0/24 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 4.21.126.0/24 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 65.125.25.64/26 ) {
limit_rate 3k;
}
if ( $remote_addr ~* 208.23.64.0/25 ) {
limit_rate 3k;
}
# put the serve files or proxy_pass code here.
}
@kyledrake
Copy link
Author

kyledrake commented May 9, 2014

@teichopsia Can you show how I can make that work with 3kb rate limit?

@ross
Copy link

ross commented May 9, 2014

like the idea. would be nice to include congress and probably the supreme court as well. likely the best way to get the point across, especially if central sites like google and netflix participated.

@ryanbeymer
Copy link

ryanbeymer commented May 9, 2014

great idea.

@KevinKoleckar
Copy link

KevinKoleckar commented May 9, 2014

This is a peaceful protest I can get behind.

@dilijev
Copy link

dilijev commented May 10, 2014

@ross I was going to say that might be illegal, but then I realized, it must not be, since this law is up for grabs, and if they are annoyed enough to make it illegal, mission accomplished.

DO. IT.

@rec9140
Copy link

rec9140 commented May 10, 2014

Any chance of a port to Litespeed???? Please?? Or can this be dumped into litespeed since its "supposed" to be "drop in" for Apache...I've seen the Apache fork... but I found out that my newest box uses Litespeed v. Apache :( :(

Any chance for Litespeed???

Thanks.

@m1
Copy link

m1 commented May 10, 2014

@DamnInteresting
Copy link

DamnInteresting commented May 10, 2014

For developers on LAMP stacks I offer the following .htaccess rules:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^192\.133\.125\. [OR]
RewriteCond %{REMOTE_ADDR} ^165\.135\. [OR]
RewriteCond %{REMOTE_ADDR} ^192\.104\.54\. [OR]
RewriteCond %{REMOTE_ADDR} ^4\.21\.126\. [OR]
RewriteCond %{REMOTE_ADDR} ^65\.125\.25\.(6[4-9]|[7-9]\d|10\d|11\d|12[0-7])$ [OR]
RewriteCond %{REMOTE_ADDR} ^208\.23\.64\.(\d|\d\d|11\d|12[0-7])$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^192\.133\.125\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^165\.135\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^192\.104\.54\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^4\.21\.126\. [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^65\.125\.25\.(6[4-9]|[7-9]\d|10\d|11\d|12[0-7])$ [OR]
RewriteCond %{HTTP:X-Forwarded-For} ^208\.23\.64\.(\d|\d\d|11\d|12[0-7])$
RewriteRule ^(.*)$ /throttle.php?rate=3000 [L,QSA]
</IfModule>

...where in this example throttle.php is a script that perhaps uses a combination of ob_start(), ob_get_clean() and sleep() to dribble the output. If you use the sleep() approach, be sure to use set_time_limit() to set a long execution time if you don't want PHP to exit at the default 30 seconds.

@xy0
Copy link

xy0 commented May 10, 2014

^Thanks, I am the webmaster for a hosting company and will employ this immediately.

@halcyonardency
Copy link

halcyonardency commented May 10, 2014

Just to confirm.. aren't these the public IPs for FCC in-bound services and what not? Are FCC employees actually sourcing connections out from behind these IPs (eg, their phone, home, or office connection)?

This would be like throttling the IP(s) for www.google.com to give Google employees a bad time -- right? Does anyone have access logs showing traffic from these IPs?

@imseanbrown
Copy link

imseanbrown commented May 10, 2014

FYI: FCC has a few more IP addresses than above:

This from ARIN.NET (the people who assign NA IP addresses):

FCC (NET-165-135-0-0-1) 165.135.0.0 - 165.135.255.255
FCCNET2 (NET-192-133-125-0-1) 192.133.125.0 - 192.133.125.255
FCCNET (NET-192-104-54-0-1) 192.104.54.0 - 192.104.54.255
FCC2-126-30 (NET-4-21-126-0-1) 4.21.126.0 - 4.21.126.255
FCC (NET6-2620-610-1) 2620:0:610:: - 2620:0:610:FFFF:FFFF:FFFF:FFFF:FFFF
SPRINTLINK (NET-208-23-64-0-1) 208.23.64.0 - 208.23.64.127
TBD (NET6-2600-803-230-1) 2600:803:230:: - 2600:803:230:FFFF:FFFF:FFFF:FFFF:FFFF
Q0503-65-125-25-64 (NET-65-125-25-64-1) 65.125.25.64 - 65.125.25.127
SPRINTLINK (NET-208-31-254-128-1) 208.31.254.128 - 208.31.254.255

However - in my 15+ years in telecommunications, it entirely too easy to source from a different subnet not listed here. Unfortunately as xyntrix said, web logs will tell the tale of where the source is coming from.

(my two cents) - while this is a SPECTACULAR idea, it won't last long as subnets and source IP's can be added to their servers and NOT added to the FCC's AS/BGP announcements.

Good luck guys!
Sean
http://www.sleepyshark.com

@rbowen
Copy link

rbowen commented May 10, 2014

No need for mod rewrite and icky php scripts. mod_ratelimit does this. http://httpd.apache.org/docs/current/mod/mod_ratelimit.html

@pdp7
Copy link

pdp7 commented May 10, 2014

applause

@karel1980
Copy link

karel1980 commented May 10, 2014

Would have been nice if Netflix did this with Comcast customers. Instead of paying Comcast for doing what its customers already pay them for, have them pay to keep their own customers happy. (I realise they couldn't have because monopoly and not wanting to be the bad guy, but still, one can dream...)

@indolering
Copy link

indolering commented May 10, 2014

There has to be a way to emulate this in JS. Then we could make a Cloudflare app....

@f4bio
Copy link

f4bio commented May 10, 2014

for sake of completness, lighttpd version: https://gist.github.com/ft11/34fb1974eb5aff8a36fd

@madrobby
Copy link

madrobby commented May 10, 2014

@AfterCredits
Copy link

AfterCredits commented May 10, 2014

Sorry for the n00b question...

My site is WordPress powered hosted on GoDaddy. Any idea how to implement this? Or if someone can make a plugin like the SOPA blackout one, that would be awesome!

@PowerFist
Copy link

PowerFist commented May 11, 2014

Thank you for this, implementing it directly. Logic will prevail.

@jedsmith
Copy link

jedsmith commented May 11, 2014

I look forward to these ranges being reassigned, then all of you forgetting this shit in your long, crusty configuration file, then spending four days trying to figure out why only $isp customers in $region can't do shit with your site.

Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.

(Also, the Apache 12-regexes-per-request to a PHP script that calls sleep() is my personal favorite. In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)

@aardvark857
Copy link

aardvark857 commented May 11, 2014

Not tested and could use some improvements. I'll make a better version and post tomorrow.

= ip2long("192.133.125.0") && $ip <= ip2long("192.133.125.24") ) || ( $ip >= ip2long("165.135.0.0") && $ip <= ip2long("165.135.0.16") ) || ( $ip >= ip2long("192.104.54.0") && $ip <= ip2long("192.104.54.24") ) || ( $ip >= ip2long("4.21.126.0") && $ip <= ip2long("4.21.126.0/24") ) || ( $ip >= ip2long("65.125.25.26") && $ip <= ip2long("65.125.25.64") ) || ( $ip >= ip2long("208.23.64.0") && $ip <= ip2long("208.23.64.25") )) { //Redirect to some horrible site. You need to change the last line for this script to work. header("Location: lemonparty.org || meatspin.cc || someOtherHorribleSite.whatevs"); die(); } ?>

@m1
Copy link

m1 commented May 11, 2014

@jedsmith

Apache 12-regexes-per-request
In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)

Can't tell if this is a joke or pure idiocy. Also this made me laugh:

Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.

@handelaar
Copy link

handelaar commented May 12, 2014

@m1 Pay no heed. Apple's employees know everything about everything.

@jdorfman
Copy link

jdorfman commented May 12, 2014

Genius.

FWIW: If you are a MaxCDN customer you can enable this in the CP: http://blog.maxcdn.com/throttle-fcc-fight-net-neutrality/

@flipflopsimsommer
Copy link

flipflopsimsommer commented May 13, 2014

👍

@wasnertobias
Copy link

wasnertobias commented May 16, 2014

+1

@Danw33
Copy link

Danw33 commented May 21, 2014

Brilliant! Implementing this on all of my sites...

@JCron245
Copy link

JCron245 commented Dec 14, 2017

Anyone implemented this recently?

@Serkan-devel
Copy link

Serkan-devel commented Apr 8, 2018

Are those IP-ranges still correct?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment