Geo-location filtering
Block requests based on geo-location parameters: country, region code, and ASN
Configuration#
{
"name": "my-geo-filter-inbound-policy",
"policyType": "geo-filter-inbound",
"handler": {
"export": "GeoFilterInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"allow": {
"countries": "US, CA"
},
"block": {
"asns": "$env(ASNS_TO_BLOCK)",
"regionCodes": "TX, WA"
},
"ignoreUnknown": true
}
}
}
Options#
name
the name of your policy instance. This is used as a reference in your routes.policyType
the identifier of the policy. This is used by the Zuplo UI. Value should begeo-filter-inbound
.handler/export
The name of the exported type. Value should beGeoFilterInboundPolicy
.handler/module
the module containing the policy. Value should be$import(@zuplo/runtime)
.handler/options
The options for this policy:block
countries
comma separated string of country codes to block (e.g. "US, CA")
regionCodes
comma separated string of region codes to block (e.g. "TX, WA")
asns
comma separated string of ASNs to block (e.g. "395747, 28304")
allow
ignoreUnknown
Optional, defaults to true. Specifies whether unknown geo-location parameters should be ignored (allowed through).
Geo-location Filter Policy
Specify an allow list or block list of:
- Countries - Country of the incoming request. The two-letter country code in the request, for example, "US".
- regionCodes - If known, the ISO 3166-2 code for the first-level region associated with the IP address of the incoming request, for example, "TX"
- ASNs - ASN of the incoming request, for example, 395747.
If you specify an allow and block list for the same location type (e.g.
country
) may have no effect or block all requests.
{
"allow" : {
"countries" : "US"
},
"block" : {
"countries" : "MC"
}
}
The policy will only allow requests from US, so any request from MC would be automatically blocked.