Skip to content

traefik plugin to whitelist requests based on geolocation

License

Notifications You must be signed in to change notification settings

nscuro/traefik-plugin-geoblock

Repository files navigation

traefik-plugin-geoblock

Build Status Go Report Card Latest GitHub release License

traefik-plugin-geoblock is a traefik plugin to allow or block requests based on geolocation

This projects includes IP2Location LITE data available from lite.ip2location.com.

Configuration

Static

Local

experimental:
  localPlugins:
    geoblock:
      moduleName: github.com/nscuro/traefik-plugin-geoblock

Pilot

pilot:
  token: "xxxxxxxxx"

experimental:
  plugins:
    geoblock:
      moduleName: github.com/nscuro/traefik-plugin-geoblock
      version: v0.5.0

Dynamic

http:
  middlewares:
    geoblock:
      plugin:
        geoblock:
          # Enable this plugin?
          enabled: true
          # Path to ip2location database file
          databaseFilePath: /plugins-local/src/github.com/nscuro/traefik-plugin-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN
          # Whitelist of countries to allow (ISO 3166-1 alpha-2)
          allowedCountries: [ "AT", "CH", "DE" ]
          # Blocklist of countries to block (ISO 3166-1 alpha-2)
          blockedCountries: [ "RU" ]
          # Default allow indicates that if an IP is in neither block list nor allow lists, it should be allowed.
          defaultAllow: false
          # Allow requests from private / internal networks?
          allowPrivate: true
          # HTTP status code to return for disallowed requests (default: 403)
          disallowedStatusCode: 204
          # Add CIDR to be whitelisted, even if in a non-allowed country
          allowedIPBlocks: ["66.249.64.0/19"]
          # Add CIDR to be blacklisted, even if in an allowed country or IP block
          blockedIPBlocks: ["66.249.64.5/32"]