-
-
Save kyledrake/e6046644115f185f7af0 to your computer and use it in GitHub Desktop.
# The blog post that started it all: https://neocities.org/blog/the-fcc-is-now-rate-limited | |
# | |
# Current known FCC address ranges: | |
# https://news.ycombinator.com/item?id=7716915 | |
# | |
# Confirm/locate FCC IP ranges with this: http://whois.arin.net/rest/net/NET-165-135-0-0-1/pft | |
# | |
# In your nginx.conf: | |
location / { | |
if ( $remote_addr ~* 192.133.125.0/24 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 165.135.0.0/16 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 192.104.54.0/24 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 4.21.126.0/24 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 65.125.25.64/26 ) { | |
limit_rate 3k; | |
} | |
if ( $remote_addr ~* 208.23.64.0/25 ) { | |
limit_rate 3k; | |
} | |
# put the serve files or proxy_pass code here. | |
} |
I look forward to these ranges being reassigned, then all of you forgetting this shit in your long, crusty configuration file, then spending four days trying to figure out why only $isp customers in $region can't do shit with your site.
Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.
(Also, the Apache 12-regexes-per-request to a PHP script that calls sleep()
is my personal favorite. In grown-up operations terms, we call that a "DoS vector," being one while(1)
away from unresponsive.)
Not tested and could use some improvements. I'll make a better version and post tomorrow.
= ip2long("192.133.125.0") && $ip <= ip2long("192.133.125.24") ) || ( $ip >= ip2long("165.135.0.0") && $ip <= ip2long("165.135.0.16") ) || ( $ip >= ip2long("192.104.54.0") && $ip <= ip2long("192.104.54.24") ) || ( $ip >= ip2long("4.21.126.0") && $ip <= ip2long("4.21.126.0/24") ) || ( $ip >= ip2long("65.125.25.26") && $ip <= ip2long("65.125.25.64") ) || ( $ip >= ip2long("208.23.64.0") && $ip <= ip2long("208.23.64.25") )) { //Redirect to some horrible site. You need to change the last line for this script to work. header("Location: lemonparty.org || meatspin.cc || someOtherHorribleSite.whatevs"); die(); } ?>Apache 12-regexes-per-request
In grown-up operations terms, we call that a "DoS vector," being one while(1) away from unresponsive.)
Can't tell if this is a joke or pure idiocy. Also this made me laugh:
Oh wait, if you're sticking this in your config and getting away with it, you don't have a site of note. So, never mind.
@m1 Pay no heed. Apple's employees know everything about everything.
Genius.
FWIW: If you are a MaxCDN customer you can enable this in the CP: http://blog.maxcdn.com/throttle-fcc-fight-net-neutrality/
👍
+1
Brilliant! Implementing this on all of my sites...
Anyone implemented this recently?
Are those IP-ranges still correct?
Thank you for this, implementing it directly. Logic will prevail.