Why are you (re-)implementing client security on provider end? If a client requires that only requests from a particular network are permitted... Peer in some way.

I do understand the value of blocking unwanted networks/addresses, but that's a bit different problem space.