of course before implementing this I log all IPs and verify that we don't have any legitimate traffic coming from non-US IPs. and whitelisting a few IPs isn't a big deal. Of course a medium sized manufacturing company in the Midwest isn't going to have much need for people connecting to use outside the US.
I'm actually working to get rid of any public IPs that isn't a VPN access point.
If it's not actually reaching you to log in and what not, how do you know it's legit or not?
How do you know it's US traffic or not in the end?
I'm not saying it's not something anyone can reasonably do, but I've both been the gatekeeper required to implement/support such a policy and been someone burned by it. It shouldn't be assumed the block lists are actually that good.
> My home in Texas had an IP address which a lot of databases had as supposedly being in Montreal.
J'ai dû apprendre le français parce que les bases de données géo-IP sont des déchets.
So many sites defaulted to French due to shit geo-ip databases. So many account lockouts because of fears credentials got hijacked due to shit geo-ip databases. So many "sorry this isn't available in your country" messages because of shit geo-ip databases. So many stores defaulting to Canadian dollars because of shit geo-ip databases.
I'm actually working to get rid of any public IPs that isn't a VPN access point.