Looking for second opinions.
Suppose a website is set up so that only IPs from country X are allowed read/write access. This server goes through a CDN such as Cloudflare. Because the GeoIP block is at server level, it never gets enabled, because Cloudflare will always cache from an IP in country X and broadcast worldwide, so anyone outside of country X will still be able to read the version that was cached by Cloudflare locally.
Does this mean IPs from GeoIP blocked countries (outside of country X) will also have write access?
Yes.
You need to implement your geo blocking at the CDN level. This usually means paying for the CDN as this is typically not included in free tiers (they'll give you space for a few rules, but the kinds of rules you need for geo blocking will normally exceed the free allocation).
You can geo-block based on the `X-Forwarded-For` header, but as you've correctly surmised, the CDN will just serve a request out of its cache. Which is the point of a CDN.
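An added example (not part of the answer above, and not taken from any CDN's documentation) of an origin-side geo check keyed on `X-Forwarded-For`. The address ranges, the lookup table and the function names are constructed for illustration. It only governs requests that actually reach the origin; responses served from the CDN cache never pass through it.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real CDN or GeoIP data).
CDN_EDGE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
GEO_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "XX",  # the allowed country X
    ipaddress.ip_network("192.0.2.0/24"): "YY",     # any other country
}
ALLOWED_COUNTRY = "XX"


def is_cdn_edge(ip):
    return any(ip in net for net in CDN_EDGE_NETS)


def client_ip(peer, xff_header):
    """Return the address the geo check should be applied to."""
    peer_ip = ipaddress.ip_address(peer)
    # A connection that does not come from the CDN: the header is supplied by
    # the client and cannot be trusted, so the socket peer is the client.
    if not is_cdn_edge(peer_ip) or not xff_header:
        return peer_ip
    # Walk right to left: entries appended by the CDN are on the right, and
    # anything further left may have been sent by the client itself.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not is_cdn_edge(hop_ip):
            return hop_ip
    return peer_ip


def country_of(ip):
    for net, country in GEO_TABLE.items():
        if ip in net:
            return country
    return None  # unknown location is treated as not allowed


def allow_request(peer, xff_header=None):
    return country_of(client_ip(peer, xff_header)) == ALLOWED_COUNTRY
```
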