At a client I found they had bought a large subnet of public internet ip addresses for their business and connected all computers up with public ip addresses. (bought it years ago and never changed it, /18 size network)
For security reasons they created a routing loop between 2 routers at the edge of the network as a makeshift bit-bucket to restrict all access to the network directly from the internet and ran http through a proxy.
While I guess a routing loop would work as a makeshift bit-bucket and good practice aside, is there any security problems with this?
Would using a routing loop to deny traffic to a network pose a legitimate security risk?
No, it's not justifiable and is also a waste of resources. The normal method of blackholing traffic is to route it to a null interface or, if the brand of router being used doesn't support such a thing, a loopback interface.
Then again, it's not as bad a waste of resources as using public IP addresses on a private network.
A routing loop sounds like a total waste of resource, null routing the address space will use minimal router resource.
However, to limit access to an HTTP services, using good old access lists sounds like a much better idea. Most routers have decent ACL capabilities these days or they could even use one of them modern firewall boxes.