Skip to main content

Geo-location filtering Policy

Block requests based on geo-location parameters: country, region code, and ASN

Configuration

{
"name": "my-geo-filter-inbound-policy",
"policyType": "geo-filter-inbound",
"handler": {
"export": "GeoFilterInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"allow": {
"countries": "US, CA"
},
"block": {
"asns": "$env(ASNS_TO_BLOCK)",
"regionCodes": "TX, WA"
},
"ignoreUnknown": true
}
}
}
  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be geo-filter-inbound.
  • handler/export The name of the exported type. Value should be GeoFilterInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:
    • block
      • countries
        [object Object]
      • regionCodes
        [object Object]
      • asns
        [object Object]
    • allow
    • ignoreUnknown
      [object Object]

Geo-location Filter Policy

Specify an allow list or block list of:

  • Countries - Country of the incoming request. The two-letter country code in the request, for example, "US".
  • regionCodes - If known, the ISO 3166-2 code for the first-level region associated with the IP address of the incoming request, for example, "TX"
  • ASNs - ASN of the incoming request, for example, 395747.
danger

If you specify an allow and block list for the same location type (e.g. country) may have no effect or block all requests.

{
"allow" : {
"countries" : "US"
},
"block" : {
"countries" : "MC"
}
}

The policy will only allow requests from US, so any request from MC would be automatically blocked.

Read more about how policies work