fail2ban will always get you better results than banning countries because VPNs are a thing.
that said, I automatically ban any IP that comes from outside the US because there’s literally no reason for anyone outside the US to make requests to my infra. I still use smart IP filtering though.
I’m familiar with f2b. I even have several clients licensed with the commercial version but it doesn’t fit this use case as there’s no logon failure for it to work with.
I automatically ban any IP that comes from outside the US because there’s literally no reason for anyone outside the US to make requests to my infra.
I have systems setup with geo-blocking but it’s of limited use due to the prevalence of VPNs.
also, use a WAF on a NAT to expose your apps.
This isn’t a solution either because a WAF has no way to know what traffic is bad so it doesn’t know what to block.
fail2ban will always get you better results than banning countries because VPNs are a thing.
that said, I automatically ban any IP that comes from outside the US because there’s literally no reason for anyone outside the US to make requests to my infra. I still use smart IP filtering though.
also, use a WAF on a NAT to expose your apps.
I’m familiar with f2b. I even have several clients licensed with the commercial version but it doesn’t fit this use case as there’s no logon failure for it to work with.
I have systems setup with geo-blocking but it’s of limited use due to the prevalence of VPNs.
This isn’t a solution either because a WAF has no way to know what traffic is bad so it doesn’t know what to block.