Short question: Is adding large lists of IP block ranges to the Apache IP Manager a good idea, or will it make my site unbearably slow?
Longer version: in light of recent events, I started implementing a country-level block on countries that were already the biggest spammers/hackers & a high fraud risk anyway. But one of these countries is quite large, about 7000 IP ranges even after consolidating them. I've entered 300 ranges so far into the Apache IP Manager in CNC, and while the site is okay now, it looks like I may have increased my Time To First Byte by an extra 1-2 seconds? Does that sound right? If I've measured correctly and that means 7000 entries is going to blow it out to 40 seconds wait for first access, that's obviously going to be unusable. I'd rather know now before I type in the other 6000 entries
I'm already using GeoIP MaxMind's API to do country-level detection on PHP forms, and that works very well. But a sitewide geo-block would be even better, if there's a way to do it without making things slow for genuine customers.