feat/security
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m44s
Reviewed-on: #2
This commit was merged in pull request #2.
This commit is contained in:
19
docs/geoip-guide.md
Normal file
@@ -0,0 +1,19 @@
|
||||
# GeoIP Guide (Planning)
|
||||
|
||||
This project intentionally does not enable GeoIP enforcement yet.
|
||||
|
||||
Planned integration target: `github.com/rabuchaim/geoip2fast`.
|
||||
|
||||
## Recommended approach
|
||||
|
||||
1. Load one shared GeoIP provider instance at startup.
|
||||
2. Add a small in-memory cache keyed by IP with TTL.
|
||||
3. Apply lookup timeout and fallback to `unknown` values on failures.
|
||||
4. Use results first in the admin security detail pane.
|
||||
5. Add aggregated statistics only after detail pane behavior is stable.
|
||||
|
||||
## Why this is safe
|
||||
|
||||
- No request path should fail because GeoIP lookup fails.
|
||||
- Lookup cost stays bounded with caching.
|
||||
- Security decisions remain independent from GeoIP quality.
|
||||
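Review bot: Step 2 ("Add a small in-memory cache keyed by IP with TTL") sets no maximum entry count, so "Lookup cost stays bounded with caching" under "Why this is safe" holds for lookup time but not for memory. The cache key is the client IP, which is request-controlled, and a TTL alone does not cap how many distinct keys are live at once. Suggest stating a maximum size and an eviction policy next to the TTL. Step 3 should also give the timeout value and say whether `unknown` fallbacks are cached, and for how long, so a transient provider failure is not pinned for a full TTL. Since the guide says enforcement is not enabled "yet", it would help to record how `unknown` is to be treated once it is, so that "Security decisions remain independent from GeoIP quality" stays true after that change.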