Policies
Geo-location filtering Policy
Block requests based on geo-location parameters: country, region code, and ASN
Configuration
The configuration shows how to configure the policy in the 'policies.json' document.
{ "name": "my-geo-filter-inbound-policy", "policyType": "geo-filter-inbound", "handler": { "export": "GeoFilterInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "allow": { "asns": "395747, 28304", "countries": "US, CA", "regionCodes": "TX, WA" }, "block": { "asns": "395747, 28304", "countries": "US, CA", "regionCodes": "TX, WA" }, "ignoreUnknown": true } } }
Policy Options
The options for this policy are specified below. All properties are optional unless specifically marked as required.
block
<object> -countries
<string> -comma separated string of country codes to allow (e.g. "US, CA").regionCodes
<string> -comma separated string of region codes to allow (e.g. "TX, WA").asns
<string> -comma separated string of ASNs to allow (e.g. "395747, 28304").
allow
<object> -countries
<string> -comma separated string of country codes to allow (e.g. "US, CA").regionCodes
<string> -comma separated string of region codes to allow (e.g. "TX, WA").asns
<string> -comma separated string of ASNs to allow (e.g. "395747, 28304").
ignoreUnknown
<boolean> -Specifies whether unknown geo-location parameters should be ignored (allowed through).Defaults totrue
.
Using the Policy
Geo-location Filter Policy#
Specify an allow list or block list of:
- Countries - Country of the incoming request. The two-letter country code in the request, for example, "US".
- regionCodes - If known, the ISO 3166-2 code for the first-level region associated with the IP address of the incoming request, for example, "TX"
- ASNs - ASN of the incoming request, for example, 395747.
Caution
If you specify an allow and block list for the same location type (e.g.
country
) may have no effect or block all requests.
{ "allow" : { "countries" : "US" }, "block" : { "countries" : "MC" } }
The policy will only allow requests from US, so any request from MC would be automatically blocked.
Read more about how policies work