Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IP Blacklist #11

Open
AriTheElk opened this issue Jan 11, 2017 · 5 comments
Open

IP Blacklist #11

AriTheElk opened this issue Jan 11, 2017 · 5 comments
Labels
enhancement help wanted

Comments

@AriTheElk
Copy link

Obviously this could be implemented in the client-side on a per-project basis, but I think it would be a decent idea to implement some sort of IP blacklisting system so that stats don't get bloated during development/QA.

Maybe something along the lines of providing a .ipignore file that follows the same general rules of .gitignore files?

127.0.0.1
192.102.*
*.512.*

Again, not sure if you're trying to keep this as micro as possible leaving things like this up to the individual developer. But seems like a feature that many could benefit from.
@mxstbr
Copy link
Member

mxstbr commented Jan 11, 2017

I was going to say this shouldn't live in core and people should take care of that themselves, but then I realized that you cannot get the IP address of the user in e.g. the browser context.

Is there a module that contains some well-known IPs that shouldn't be tracked like e.g. localhost, the Google/Bing/Yahoo bot, etc.?

@AriTheElk
Copy link
Author

Here: http://www.iplists.com/

My only concern with using a static list, is that I think it might be unfair to block IPs like localhost out of the box. If I find this library and install it, I'm going to have expectations of seeing my page loads getting tracked (even if I don't want this in production). If I install it, load my page, and see no activity tracked; I'm going to assume that it's not working properly.

It's probably a good idea to block IPs of web crawlers out of the box though.

@mxstbr
Copy link
Member

mxstbr commented Jan 11, 2017

Let's check for NODE_ENV=development and not block, but if it's production we block localhost, crawlers etc? (possibly with an option to disable in prod, --no-ip-block or something)

@mxstbr mxstbr mentioned this issue Jan 12, 2017
Merged
@mxstbr mxstbr mentioned this issue Jan 15, 2017
Open
@sean-roberts
Copy link
Collaborator

bringing the conversation here. I think allowing some sort of extension module by the user would be ideal for this and any other situation that is general or unique to the user's needs.

So the proposal is to allow the user to specify micro-analytics --extension=analyticsExtension.js naming totally open for grabs.

That module would be able to export any extension api that we would want configuration on. But for this and favicon issue we could allow them to export a filterInput function that can receive the request and if they return true, it will be passed into the ingestion of core for processing.

@sean-roberts sean-roberts mentioned this issue Jan 16, 2017
Open
@sean-roberts
Copy link
Collaborator

sean-roberts commented Jan 17, 2017
edited

another tool to help users filter https://referrerspamblocker.com/ they have a solid list of referrers that could be filtered or blacklisted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sean-roberts @AriTheElk @mxstbr