Could the all of the Tencent cloud kindly please fuck off back to China?

Those assholes don't even publish their IP ranges so one could easily block their ass.

Had to rely on external tools and hunt down all of their different ASNs to finally block them from overloading a client's webapp...

Ugh, I need a beer.

Couldn't you block on basis of http user agent? Enjoy your beer.

I want opt in internet access by country. Only want to communicate with your country? Done. Problem would be with VPNs faking being in country.

Maybe opt out by country would be better.

Hmmm that sounds useful, would you care to share?

Try geo blocking. Not many use cases for the rest of the world to talk to China, you'll have very few false positives.

@retoor that would have been the first step.

But guess what. When you're coming from a dubious cloud provider from a dubious country, you're not very incentivised to identify yourself with a nice, distinct user agent string, so the other side has easier time blocking you...

All the requests were presenting as generic end user browsers, from hundreds of different subnets, all coming from china...

@lungdart tried that even before looking up Tencent's ranges by ASN.

Unfortunately, either they're not in the list, or they have them in multiple countries.

http://ipdeny.com/ipblocks/data/... to be specific

Ugh. Stupid china.