Have you considered the additional cost of making it harder for your customers to do business with you, as well as the limited visibility that you set up for attacks that may become multi-stage in nature later?
You never see or collect the information by blocking everything at the outset.
In a world where you can proxy past these blocks fairly trivially, that's information you don't have for attribution later.
Defense in depth, or layered defenses are a best approach, but not if they blind you equally.
As someone who has whitelisted only US IP address space for my employer and blocked everything else I can attest that is DRASTICALLY reduces hostile traffic to us. I have an RDP honeypot that was blocking dozens of IPs every day before the whitelist and now it blocks 1 or 2 a day.