Hi All,
I am working with Eric to implement anonymous IP blocking into the Traffic
Router, and am looking to contribute it back to open source.
It will be structured similarly to RGB.
I am looking to get any feedback on the design before going ahead with this
feature.
Feature Requirements
* Traffic Ops
  * Add new TR parameter for path to AnonymousIP database
  * Add new TR parameter for path to AnonymousIP Policy Configuration File
  * Add new TR parameter for polling interval for combined database and configuration file
  * Add new API and GUI screens to enable/disable this feature per-DS
  * Include new DS configuration and both new config file parameters in CRConfig
* Traffic Router
  * Download new anonymous IP database
  * Configuration
    * Parse new config in CRConfig file
    * Download+Parse new AnonymousIP Policy config file
  * Evaluate incoming requests against configuration
    * Allow any requests matching IP whitelist
    * Block any request which appears in AnonymousIP database matching a configured type
    * Allow all other requests
  * TR Access logs indicate if request was blocked due to anonymous IP related policy
Feature Design
Maxmind SDK:
https://maxmind.github.io/GeoIP2-java/doc/v2.8.0/com/maxmind/geoip2/model/AnonymousIpResponse.html
GeoIP2 Java API: https://maxmind.github.io/GeoIP2-java/
Config File
{
  "customer": "<customerName>",
  "version": "<versionString>",
  "date": "<timestamp string>",
  "name": "<Identifying Name>",
  "anonymousIp": {
    "blockAnonymousVPN": true,
    "blockHostingProvider": true,
    "blockPublicProxy": true,
    "blockTorExitNode": true
  },
  "ip4Whitelist": [<subnet1>, <subnet2>], // optional
  "ip6Whitelist": [] // optional
}
Implementation Notes
Anonymous Blocking will occur after RGB check
If an IP is whitelisted in the RGB config, and is present in the Anonymous IP
database, the IP will be blocked
Anonymous Blocking is per delivery service
Config file is global
Thanks,
-Peter
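
The evaluation order listed under "Evaluate incoming requests against configuration", as an added example that is not part of the original message or of Traffic Router's code. The policy values, the in-memory database stand-in, the record flag names (modelled on the boolean fields of MaxMind's AnonymousIpResponse) and the reason strings are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed policy in the shape of the config file above (sample values).
POLICY_JSON = """{
  "customer": "example", "version": "1", "date": "2017-01-01", "name": "sample",
  "anonymousIp": {"blockAnonymousVPN": true, "blockHostingProvider": false,
                  "blockPublicProxy": true, "blockTorExitNode": true},
  "ip4Whitelist": ["192.0.2.0/24"], "ip6Whitelist": []
}"""

# Policy key -> flag in a database record (hypothetical dict form of a lookup).
FLAG_FOR_KEY = {
    "blockAnonymousVPN": "is_anonymous_vpn",
    "blockHostingProvider": "is_hosting_provider",
    "blockPublicProxy": "is_public_proxy",
    "blockTorExitNode": "is_tor_exit_node",
}

# Constructed stand-in for the Anonymous IP database.
SAMPLE_DB = {
    "192.0.2.10": {"is_tor_exit_node": True},
    "198.51.100.7": {"is_anonymous_vpn": True},
    "203.0.113.5": {"is_hosting_provider": True},
}

def load_policy(text):
    """Parse the policy and pre-compile both optional whitelists."""
    policy = json.loads(text)
    nets = policy.get("ip4Whitelist", []) + policy.get("ip6Whitelist", [])
    policy["_whitelist"] = [ipaddress.ip_network(n, strict=False) for n in nets]
    return policy

def evaluate(policy, ds_enabled, client_ip, db=SAMPLE_DB):
    """Return (allowed, reason); reason is what an access log entry could carry."""
    if not ds_enabled:  # the feature is switched on per delivery service
        return True, "anonymous-blocking-disabled"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in policy["_whitelist"]):
        return True, "whitelisted"  # whitelist wins over any database hit
    record = db.get(client_ip, {})
    for key, flag in FLAG_FOR_KEY.items():
        if policy["anonymousIp"].get(key) and record.get(flag):
            return False, "blocked:" + flag
    return True, "not-anonymous"  # default is allow
```

The whitelist checked here is the anonymous IP policy's own; per the implementation notes, a whitelist entry in the RGB config does not exempt an address from this check.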