cancel
Showing results for 
Search instead for 
Did you mean: 

Geo Restrict Traffic Script

 

#// Traffic Script to Geo-Restrict access to a particular set of resources based on the country you are coming from.
#// Written by Aidan Clarke - Riverbed Technologies Dec 2012
#// email feedback to <aidan dot clarke at riverbed dot com>
#// As always, comments and feedback welcome.

#// Has 3 functions for geo restriction:
#// 1- Will only allow access to the restricted URL Stub from the list of countries specified in $CountriesAllowed array
#// 2- Will allow access outside of $CountriesAllowed if the user has authenticated and has an AuthToken Cookie
#// 3- Will over ride all access to the restricted URL Stub if the user is coming from countries specified in teh $CountriesBanned array #// URL Resource Prefix to restrict access to $restrictedUrlPrefix = "/restricted/"; #// ISO ISO 3166-1 alpha-2 list of countries allowed access to the Restricted Resources $countriesAllowed = ["AU", "NZ"]; #// ISO ISO 3166-1 alpha-2 list of countries totally banned from access to the Restricted Resources $countriesBanned = [ "NG" ]; #// The Authentication token to look for to over ride access outside of $countriesAllowed (but not $countriesBanned) $authCookie = "myAuthToken"; #// switch to toggle debug on or off: Possible Values: 0 or 1 $debug = "1"; #// sub routines so you can define what you want do do when you deny access sub denyAccess(){ #// log.info("denyAccess hit"); #// Deny access and close connection http.sendResponse( "403 Permission Denied", "text/html", "Go away", "Set-Cookie: denied=Yes"); } #// sub routines so you can define what you want do do when you permit access sub permitAccess(){ #// log.info("permitAccess hit..."); #// nothing to do here, pass through }
#// sub routines so you can define how you want to check the cookie is valid before you allow access sub checkCookie(){ #// log.info("checkCookie hit..."); log.info("checkCookie hit..."); #// nothing being done here, put some cookie validation code in here to check the cookie is not faked } #//####################################################################### #// Nothing to edit below this line #//####################################################################### $clientIP = request.getRemoteIP(); #$clientIP = "41.73.224.10"; #// sample NG Address useful for testing #$clientIP = "203.30.98.10"; #// sample AU Address useful for testing #$clientIP = "37.8.160.10"; #// sample FR Address useful for testing $clientCountry = geo.getCountryCode($clientIP); $path = http.normalizePath( http.getPath() ); #// Check if the URL in question is one we need to restrict access to: if ( string.startsWith( $path, $restrictedUrlPrefix ) ) { #// use case - deny if the client is accessing from a country in $countriesBanned foreach ( $badCountry in $countriesBanned ){ if ( $clientCountry == $badCountry ){ if ($debug == 1) {log.info("Client Country " . $clientCountry . " is banned from accessing " . $restrictedUrlPrefix . " on this site." ) ;} denyAccess(); } } #// if we get to here, the URL is restricted and the client is not coming from a country in $bannedCountries #// we want to check to see if they have $authCookie or if they are from a country in $countriesAllowed if ( http.getcookie( "myAuthToken" ) != "" ){
##// Client has an auth token and can access #// They are authenticated, we let the go through
if ($debug == 1) {log.info("Client Country: " . $clientCountry . " is permited to access " . $restrictedUrlPrefix . " on this site because they are authenticated." );} checkCookie(); } else {
foreach ( $goodCountry in $countriesAllowed ){ if ( $clientCountry == $goodCountry ){
#// They are from a permitted country, we let them go through if ($debug == 1) { log.info("Client Country: " . $clientCountry . " is permited to access " . $restrictedUrlPrefix . " on this site." );} permitAccess(); break; } else { if ($debug == 1) { log.info("Customer in Client Country: " . $clientCountry . " is banned from accessing " . $restrictedUrlPrefix . " on this site because they are not authenticated." );} denyAccess(); break; } } } }
Version history
Revision #:
2 of 2
Last update:
‎12-21-2020 09:17:AM
Updated by:
 
Contributors