View Source Cloud IP Matching
By default, several Cloud hosting IP ranges are defined in the Paraxial agent:
- AWS
- Azure
- GCP
- Digital Ocean
- Oracle
This is useful because a login request coming from a rented Cloud IP server is most likely a bot, and should be blocked. To make this data available locally in your agent, ensure fetch_cloud_ips: true is set:
config :paraxial,
paraxial_api_key: System.get_env("PARAXIAL_API_KEY"),
fetch_cloud_ips: true
relevant-plugs
Relevant Plugs
There are two plugs related to Cloud IP matching:
Paraxial.AssignCloudIP If the remote_ip of an incoming request matching a cloud provider IP address, this plug will add metadata to the conn via an assigns. For example, if a conn's remote_ip matches aws, this plug will do assigns(conn, :paraxial_cloud_ip, :aws). Use this if your application has branching logic based on if an incoming conn.remote_ip is from a rented server.
Paraxial.BlockCloudIP - When a conn matches a cloud provider IP, the assign is updated and the conn is halted, with a 404 response sent to the client. Use this to block cloud IPs, for example in your router's authentication pipeline.
faq
FAQ
will-paraxial-blockcloudip-block-google-s-crawler
Will Paraxial.BlockCloudIP block Google's Crawler?
No, Google's Cloud Platform is hosted on a different IP range from Googlebot. Google will still be able to index your site, you are only blocking requests from GCP servers that anyone can rent.
what-if-i-want-to-allow-a-specific-cloud-ip-for-example-a-client-has-a-cloud-hosted-vpn-with-a-cloud-ip
What if I want to allow a specific Cloud IP? For example a client has a cloud-hosted VPN with a cloud IP.
Add the IP address to your site's Allow List, and it will no longer be blocked by Paraxial.BlockCloudIP