Comment

Comment on Openwrt how to block countries but allow a specific path using BanIp

Anafabula@discuss.tchncs.de ⁨3⁩ ⁨days⁩ ago

The path is part of the http protocol. Most firewalls only parse the first couple layers (ethernet->ip->tcp/udp), not http as well, unless they do deep package inspection. Idk if openwrt/banip has functionality like that.

It might be easier (and more performant if the firewall has weak hardware) to just allow tcp port 80 and let your reverse proxy do the filtering for that, since it (usually) needs to parse the http anyways.

source

Sort:hotnew top

Hercules@lemmy.world ⁨3⁩ ⁨days⁩ ago

path is part of the http protocol. Most firewalls only parse the first couple layers (ethernet->ip->tcp/udp), not http as well, unless they do deep package inspection. Idk if openwrt/banip has functionality

I don’t think openwrt can do this. Im running k3s with nginx as ingress but the issue is it doesn’t see the actual ip but rather the ip of the container so i can’t use nginx to block countries.

source