refactor: unify Israeli blocking into GenocidalBlockingMiddleware with server-IP check
Replace DashboardBlockingMiddleware + APIBlockingMiddleware with a single GenocidalBlockingMiddleware that blocks ALL routes (not just dashboard or API) under any of three conditions: 1. Server's own public IP resolves to Israel — detected once at startup via api.ipify.org + geolocation lookup, stored in _server_ip_blocked flag 2. Host header domain ends with .il (port stripped before check) 3. Connecting client IP resolves to Israel (per-request geolocation lookup) /blocked is always allowed through to avoid redirect loops. API/MCP routes return JSON 403; all other routes redirect to /blocked.
Showing
Please
register
or
sign in
to comment