Changes in 79e3537: updated Wiki, describing options for Geo-Blocking

				home.md
			
          @@ -40,6 +40,7 @@ SAP is at the center of today’s technology revolution, developing innovations 

             * [[Establishing support@sapsailing.com with AWS SES, SNS, and Lambda|wiki/info/landscape/support-email]]

             * [[Creating an EC2 image for a MongoDB Replica Set from scratch|wiki/info/landscape/creating-ec2-mongodb-image-from-scratch]]

             * [[Setting up dedicated S3 buckets|wiki/info/landscape/s3-bucket-setup]]

          +  * [[Large-Scale Set-Ups, e.g., Olympic Games|wiki/info/landscape/olympic-setup]]

           * [[Building and Deploying|wiki/info/landscape/building-and-deploying]]

           * [[Data Mining Architecture|wiki/info/landscape/data-mining-architecture]]

           * [[Typical Data Mining Scenarios|wiki/info/landscape/typical-data-mining-scenarios]]

				wiki/info/landscape/amazon-ec2.md
			
          @@ -4,7 +4,7 @@

           ## Quickstart

          -Our default region in AWS EC2 is eu-west-1 (Ireland). Tests are currently run in the otherwise unused region eu-west-2 (London). Most regular operations can be handled through the AdminConsole's "Advanced / Landscape" tab. See, e.g., [https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:](https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:). Some operations occurring not so frequently still require more in-depth knowledge of steps, manual execution of commands on the command line and some basic Linux understanding.

          +Our default region in AWS EC2 is eu-west-1 (Ireland). Tests are currently run in the otherwise unused region eu-west-2 (London). Most regular operations can be handled through the AdminConsole's "Advanced / Landscape" tab. See, e.g., [https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:](https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:). Some operations occurring not so frequently still require more in-depth knowledge of steps, manual execution of commands on the command line and some basic Linux understanding. This also goes for [highest-scale set-ups requiring an AWS Global Accelerator with or without Geo-Blocking through AWS Web Application Firewall (WAF) with Web ACLs](https://wiki.sapsailing.com/wiki/info/landscape/olympic-setup#setup-for-the-olympic-summer-games-2020-2021-tokyo_aws-setup_global-accelerator).

           ## Important Servers, Hostnames

				wiki/info/landscape/olympic-setup.md
			
          @@ -416,6 +416,16 @@ We have created a Global Accelerator [Tokyo2020](https://us-west-2.console.aws.a

           The Route53 entry ``tokyo2020.sapsailing.com`` now is an alias A record pointing to this global accelerator (``aca060e6eabf4ba3e.awsglobalaccelerator.com.``).

          +### Geo-Blocking

          +

          +While for Tokyo 2020 this was not requested, for Paris 2024 we heard rumors that it may. If it does, using the []AWS Web Application Firewall (WAF)](https://us-east-1.console.aws.amazon.com/wafv2/homev2/start) provides the solution. There, we can create so-called Web Access Control Lists (Web ACLs) which need to be created per region where an ALB is used.

          +

          +A Web ACL consists of a number of rules and has a default action (typically "Allow" or "Block") for those requests not matched by any rule. An ACL can be associated with one or more resources, in particular with Application Load Balancers (ALBs) deployed in the region.

          +

          +Rules, in turn, consist of statements that can be combined using logical operators. The rule type of interest for geo-blocking is "Originates from a country in" where one or more countries can be selected. When combined with an "Allow" or "Block" action, this results in the geo-blocking behavior desired.

          +

          +For requests blocked by the rule, the response code, response headers and message body to return to the client can be configured. We can use this, e.g., to configure a 301 re-direct to a static page that informs the user about the geo-blocking.

          +

           ### Application Load Balancers (ALBs) and Target Groups

           In each region supported, a dedicated load balancer for the Global Accelerator-based event setup has been set up (``Tokyo2020ALB`` or simply ``ALB``). A single target group with the usual settings (port 8888, health check on ``/gwt/status``, etc.) must exist: ``S-ded-tokyo2020`` (public).

...	...	@@ -416,6 +416,16 @@ We have created a Global Accelerator [Tokyo2020](https://us-west-2.console.aws.a
416	416
417	417	The Route53 entry ``tokyo2020.sapsailing.com`` now is an alias A record pointing to this global accelerator (``aca060e6eabf4ba3e.awsglobalaccelerator.com.``).
418	418
	419	+### Geo-Blocking
	420	+
	421	+While for Tokyo 2020 this was not requested, for Paris 2024 we heard rumors that it may. If it does, using the []AWS Web Application Firewall (WAF)](https://us-east-1.console.aws.amazon.com/wafv2/homev2/start) provides the solution. There, we can create so-called Web Access Control Lists (Web ACLs) which need to be created per region where an ALB is used.
	422	+
	423	+A Web ACL consists of a number of rules and has a default action (typically "Allow" or "Block") for those requests not matched by any rule. An ACL can be associated with one or more resources, in particular with Application Load Balancers (ALBs) deployed in the region.
	424	+
	425	+Rules, in turn, consist of statements that can be combined using logical operators. The rule type of interest for geo-blocking is "Originates from a country in" where one or more countries can be selected. When combined with an "Allow" or "Block" action, this results in the geo-blocking behavior desired.
	426	+
	427	+For requests blocked by the rule, the response code, response headers and message body to return to the client can be configured. We can use this, e.g., to configure a 301 re-direct to a static page that informs the user about the geo-blocking.
	428	+
419	429	### Application Load Balancers (ALBs) and Target Groups
420	430
421	431	In each region supported, a dedicated load balancer for the Global Accelerator-based event setup has been set up (``Tokyo2020ALB`` or simply ``ALB``). A single target group with the usual settings (port 8888, health check on ``/gwt/status``, etc.) must exist: ``S-ded-tokyo2020`` (public).

...	...	@@ -40,6 +40,7 @@ SAP is at the center of today’s technology revolution, developing innovations
40	40	* [[Establishing support@sapsailing.com with AWS SES, SNS, and Lambda\|wiki/info/landscape/support-email]]
41	41	* [[Creating an EC2 image for a MongoDB Replica Set from scratch\|wiki/info/landscape/creating-ec2-mongodb-image-from-scratch]]
42	42	* [[Setting up dedicated S3 buckets\|wiki/info/landscape/s3-bucket-setup]]
	43	+ * [[Large-Scale Set-Ups, e.g., Olympic Games\|wiki/info/landscape/olympic-setup]]
43	44	* [[Building and Deploying\|wiki/info/landscape/building-and-deploying]]
44	45	* [[Data Mining Architecture\|wiki/info/landscape/data-mining-architecture]]
45	46	* [[Typical Data Mining Scenarios\|wiki/info/landscape/typical-data-mining-scenarios]]

...	...	@@ -4,7 +4,7 @@
4	4
5	5	## Quickstart
6	6
7		-Our default region in AWS EC2 is eu-west-1 (Ireland). Tests are currently run in the otherwise unused region eu-west-2 (London). Most regular operations can be handled through the AdminConsole's "Advanced / Landscape" tab. See, e.g., [https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:](https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:). Some operations occurring not so frequently still require more in-depth knowledge of steps, manual execution of commands on the command line and some basic Linux understanding.
	7	+Our default region in AWS EC2 is eu-west-1 (Ireland). Tests are currently run in the otherwise unused region eu-west-2 (London). Most regular operations can be handled through the AdminConsole's "Advanced / Landscape" tab. See, e.g., [https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:](https://security-service.sapsailing.com/gwt/AdminConsole.html#LandscapeManagementPlace:). Some operations occurring not so frequently still require more in-depth knowledge of steps, manual execution of commands on the command line and some basic Linux understanding. This also goes for [highest-scale set-ups requiring an AWS Global Accelerator with or without Geo-Blocking through AWS Web Application Firewall (WAF) with Web ACLs](https://wiki.sapsailing.com/wiki/info/landscape/olympic-setup#setup-for-the-olympic-summer-games-2020-2021-tokyo_aws-setup_global-accelerator).
8	8
9	9	## Important Servers, Hostnames
10	10