So I’ve seen a couple of sites (don’t remember which ones) a while back that I was messing around with and I ended up getting banned I think from one. My browser said “This site can’t be reached” like I literally couldn’t receive any data from the server. (Error, unable to establish connection)
Is there any way to mimic this behavior with HA Proxy to not even try to establish a full connection to the user? Is IP tables really the only way to mimic this?
Cloud services allow you to block IP’s with their panels, and through an api usually, and it would probably display this kind of error by blocking traffic to the instance, but in almost all cases there are limits and this wouldn’t work for an on-premises solution.
Obviously, I’m sure this could be done via DNS by sending a different IP for a specific domain, but this definitely wouldn’t stop an attacker from accessing your service or IP for that matter, it would just block the average user.
If HA Proxy is not able to mimic this type of behavior, does anyone know of a solution that can? Maybe besides IP tables?
Out of curiosity, at the edge if you were in an internet exchange and had your servers connected to some providers, is there any way you could block traffic at the edge? For example, if you wanted to block all traffic from ASNs belonging AWS, Azure, Google Cloud, Oracle and OVH etc., to prevent DDoS attacks? Really, it seems like blocking all cloud providers from your app would be the most efficient in preventing DDoS attacks, but only if this can be done on hardware switches, not software. So, could this or something similar be done via a switch or hardware config? BGP? Not sure.
Anyways, thanks! I look forward to responses!
By the way, this isn’t mission critical. It’s really just out of curiosity!