
I've been blocking Hetzner, Digital Ocean, Linode, OVH and Contabo for a while. You can do this with pfBlocker NG by blocking ASNs, or UFW rules (https://blog.abctaylor.com/ufw-and-firewalld-rules-to-block-...)


One concern with doing this as a whole is you may end up blocking legit organizations from accessing your site. If you're selling something that could be a problem.

For example, the org might be self-hosting WireGuard or another VPN solution on a cloud provider and people are connecting through that so their outgoing IP address comes from a cloud provider.


You can whitelist ranges or whatever for larger customers, but that doesn't suit every form of product or client size ofc.
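The ASN-block-plus-allowlist approach discussed above, as an added example (not from any commenter): it collapses a provider's prefixes into as few UFW deny rules as possible, lets an allowlist for a known customer VPN exit take precedence, and offers a check for whether a given address would be cut off. All prefixes are constructed documentation ranges, not real provider allocations.

```python
import ipaddress
from typing import Iterable, List

# Constructed stand-in for one provider's announced prefixes (hypothetical values).
BLOCKED_PREFIXES = [
    "203.0.113.0/24",
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the previous one, will be merged
    "2001:db8:100::/48",
]

# Constructed allowlist: a customer's self-hosted VPN exit inside a blocked range.
ALLOWED_PREFIXES = ["203.0.113.42/32"]


def _nets(prefixes: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def collapse(prefixes: Iterable[str]) -> List[str]:
    """Merge adjacent or overlapping prefixes per address family so the
    rule list stays short (IPv4 results first, then IPv6)."""
    nets = _nets(prefixes)
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]


def is_blocked(ip: str, blocked: Iterable[str], allowed: Iterable[str]) -> bool:
    """True if `ip` would be denied: the allowlist always wins."""
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in _nets(allowed)):
        return False
    return any(addr in n for n in _nets(blocked))


def ufw_rules(blocked: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Emit ufw commands. UFW evaluates rules in insertion order, so the
    allow rules are emitted first; IPv6 rules need IPV6=yes in /etc/default/ufw."""
    rules = [f"ufw allow from {p}" for p in collapse(allowed)]
    rules += [f"ufw deny from {p}" for p in collapse(blocked)]
    return rules


if __name__ == "__main__":
    print("\n".join(ufw_rules(BLOCKED_PREFIXES, ALLOWED_PREFIXES)))
    for probe in ("203.0.113.42", "203.0.113.7", "192.0.2.1"):
        print(probe, "blocked" if is_blocked(probe, BLOCKED_PREFIXES, ALLOWED_PREFIXES) else "allowed")
```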


Big and not so big enterprises these days use VPN and similar solutions with exit nodes in the cloud, so such blocks essentially prevent access to your web site from a work computer.


oof. Why Hetzner?


Due to firewall logs showing DNS amplification attack attempts


Why go beyond blocking direct DNS access?

(Ideally you'd make them switch to TCP by truncating UDP responses to specific clients, but that sounds like a hassle to set up so it's understandable to skip that.)


Everyone is attempting all attacks all the time from everywhere. Why not secure yourself so the attempts fail?


At that point secure would be 'offline'... It's not like botnets, "unlocker" farms and P2P don't originate from residential netblocks all day long.

The idea of "I just want the legitimate traffic" is a simple one, but the implementation of the idea has very little to do with "I will just block the big bad cloud!".


Securing yourself means not being vulnerable to the attacks. Who cares if you are exposed to an internet radiation banana equivalent? Why worry? You'll hurt yourself more from the worry than from the radiation.

Blocking huge IP ranges is knocking yourself half offline, and it doesn't even stop you being "attacked". I'd start blocking if and only if there is some actual problem for your server (e.g. excessive CPU or bandwidth usage), not just because big bad scary cloud.


> Who cares if you are exposed to an internet radiation banana equivalent?

Me, because I would like to read all of the syslog without meaningless noise.


Then don't log the noise. Every log gets filled with noise if you aren't careful about choosing what to log.


Nonsense. There is no log level that separates between noise and legitimate data.


Then stop trying to separate it and just acknowledge these logs are (almost?) worthless?


I think it should be reciprocal, like in the real world. If someone blocks a provider, a provider should be allowed to block back. Maybe with some automatism. So it is fair and each party has information about what is going on. Or using real guns instead of these children games in the sandbox.


So if I run a web server at home and I’m constantly attacked by AWS IPs, I shouldn’t be able to block them without myself being unable to access the lion’s share of the web hosted on AWS? Doesn’t that seem sort of extreme?


I run a web server at home, and have for decades. The constant scans are something you realize is "normal" and just ignore.


The internet is not like twitter - a block is practically bidirectional.


> I think it should be reciprocal, like in the real world. If someone blocks a provider, a provider should be allowed to block back. Maybe with some automatism. So it is fair and each party has information about what is going on. Or using real guns instead of these children games in the sandbox.

I don't think your take makes any sense whatsoever. Beyond the puerile "I'll block you too", what exactly do you hope to achieve with this nonsense?


Fewer blocks.


Can you elaborate? It sounds like puerile specious reasoning at best.


If blocking someone works in both directions, you won't block half the internet based on spurious reasoning, because you'll be blocked from half the internet based on your own spurious reasoning. You'll carefully consider who to block.


Yeah, exactly, thank you.

