Has anyone on the list implemented (or investigated) a plugin that can take a 
dynamic IP address list and use this to perform conditional redirects? Some of 
the necessary logic may exist in the experimental GeoIP plugin, but more steps 
are required. 

Here is the use case: 

- I have a variety of fail2ban filters that identify suspicious activity, such 
as nginx rate limit notices, ModSecurity warnings, and excessively rapid 
404/301 responses. I see these get triggered by ~100 IP addresses a day, mostly 
from Russia, China, Vietnam, 3rd-tier hosting providers (Vultr, Linode, Ntup, 
Hostplus) and badly behaved SEO/indexers (Semrush, please die in a fire). 

- Currently these addresses just get blackholed at the firewall for a period of 
time, as my configured fail2ban actions. (The WAF scanning is all implemented 
at the origin server.) 

- Very occasionally an application or WAF misconfiguration can cause a 
legitimate client to trigger this. As such, it would be nice to be able to 
redirect the request to an informational page (or perhaps a CAPTCHA to remove 
from the blocklist) instead of denying all traffic. 

The way I am imagining this, it would look almost exactly like the GeoIP ACL 
plugin (since it already has "@pparam=html::/some/path.html" for content 
replacement), except instead of "@pparam=country" and country-code logic, it 
would just reference an internal IP deny map. This could potentially even use 
the country logic (e.g. a new country called "DENY") but there needs to be a 
way to dynamically update the country IP map. 

--Jered 
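
The lookup described in the message above, sketched as an added example (not part of the original post and not code from any existing plugin): a deny map that is re-read whenever its backing file changes, plus a decision function that redirects listed clients instead of dropping them. The file format (one address or CIDR per line, `#` comments), the names `DenyMap` and `decide`, and the `/blocked.html` path are assumptions.

```python
import ipaddress
import os


class DenyMap:
    """IP deny map that re-reads its source file whenever the file changes."""

    def __init__(self, path):
        self.path = path
        self._stamp, self._nets = None, []   # stamp = (mtime_ns, size) last loaded

    def _reload_if_changed(self):
        st = os.stat(self.path)
        stamp = (st.st_mtime_ns, st.st_size)
        if stamp == self._stamp:
            return
        nets = []
        with open(self.path) as fh:
            for line in fh:
                entry = line.split("#", 1)[0].strip()
                if not entry:
                    continue
                try:
                    nets.append(ipaddress.ip_network(entry, strict=False))
                except ValueError:
                    continue  # skip a malformed entry, keep the rest of the list
        self._nets, self._stamp = nets, stamp

    def denied(self, client_ip):
        self._reload_if_changed()
        addr = ipaddress.ip_address(client_ip)
        return any(addr.version == n.version and addr in n for n in self._nets)


def decide(deny_map, client_ip, info_path="/blocked.html"):
    """Return (status, location): redirect listed clients, pass all others."""
    if deny_map.denied(client_ip):
        return 302, info_path
    return 200, None


if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".list", delete=False) as f:
        f.write("203.0.113.7\n198.51.100.0/24\n")  # constructed sample list
    dm = DenyMap(f.name)
    for ip in ("203.0.113.7", "198.51.100.55", "192.0.2.1"):
        print(ip, decide(dm, ip))
    os.unlink(f.name)
```

Whatever writes the list (for example a fail2ban action) should write to a temporary file and rename it into place, so the reader never loads a half-written list.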
