From a3c6fe34503aa121d4e2b74c9c01358a5649fbe1 Mon Sep 17 00:00:00 2001
From: stefatorus <stefatorus@entryrise.com>
Date: Tue, 19 Oct 2021 14:37:00 +0200
Subject: [PATCH] Update 'README.md'

---
 README.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a3bd5ea..43d0737 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,17 @@ MineWall is a Layer 3 mitigation toolset for protocol specifications like Minecr
 
 It is mainly targeted at Minecraft servers, or applications having a similar networking footprint as the former. However, it may work well for other applications where proxies are the main tool used for attacks. It is highly recommended to test pre-deployment, and to take proper measures to optimize for your own end use-case.
 
+# A 3 layered approach
+The application is comprised of 3 different layers of mitigation, depending on the validity of the source user:
+- The whitelist is used for IPs that are already validated as safe users.
+- The graylist is based on low risk countries that rarely are the source of bots. The behavior is to limit the connection speed with a permissive ratelimit.
+- The graylist (default) behavior is to strongly limit incoming connections via strict ratelimit.
+
+
+
 
 # Sources
 We believe transparency in our forensic research is key to replicability and the effectiveness of our solution. We've appended our sources below:
 
 https://radar.cloudflare.com/
-https://github.com/herrbischoff/country-ip-blocks
\ No newline at end of file
+https://github.com/herrbischoff/country-ip-blocks