
My employer is really big on blocking IP addresses, it is their primary solution to everything. I’ve been trying to educate them and I think the message is starting to resonate - anyone nefarious can switch IP addresses faster and easier than we can block them - they don’t need peer review, change approvals, or to wait for a pipeline to run - they just do it. Likewise strict IP-based rate limiting will only keep honest people honest, I can send one request per second from a couple thousand IPs and it’s completely invisible to all their monitoring and WAF rules. The world has moved on - you need different strategies that consider more than IP now.
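An added illustration of the blind spot described in the comment above (not part of the thread and not any poster's code): the same fixed-window counter run over constructed traffic, keyed once on source IP and once on request path. The window size, thresholds, paths and addresses are assumptions chosen for the example.

```python
from collections import Counter

WINDOW = 10            # seconds per fixed window (assumed)
PER_IP_LIMIT = 20      # max requests per source IP per window (assumed)
PER_PATH_LIMIT = 1000  # max requests per path per window, all sources (assumed)


def constructed_events():
    """Constructed sample traffic as (timestamp, source_ip, path) tuples."""
    events = []
    # 2000 sources, each sending one request per second to /login.
    for i in range(2000):
        ip = f"198.18.{i // 250}.{i % 250 + 1}"
        events += [(t, ip, "/login") for t in range(WINDOW)]
    # One noisy client: 50 requests to /search inside a single window.
    events += [(t % WINDOW, "192.0.2.7", "/search") for t in range(50)]
    return events


def over_limit(events, key_fn, limit):
    """Return the keys whose count in any fixed window exceeds `limit`."""
    counts = Counter(
        (ts // WINDOW, key_fn(ts, ip, path)) for ts, ip, path in events
    )
    return {key for (_, key), n in counts.items() if n > limit}


def analyze(events):
    """Compare a per-IP limiter with one keyed on the requested path."""
    by_ip = over_limit(events, lambda ts, ip, path: ip, PER_IP_LIMIT)
    by_path = over_limit(events, lambda ts, ip, path: path, PER_PATH_LIMIT)
    return by_ip, by_path


if __name__ == "__main__":
    by_ip, by_path = analyze(constructed_events())
    # The per-IP view sees only the single noisy client; the 20,000
    # distributed /login requests stay under every per-IP threshold.
    print("per-IP limiter flags:  ", sorted(by_ip))
    print("per-path limiter flags:", sorted(by_path))
```
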


IP rate limiting these days is less for DDoS protection and more to prevent System B (or user B) from overwhelming System A.


What strategies are available?



