I need geoblock few countries and ASes, but for obvious reason I can’t use Varnish for this task as with my other sites. This solves that headache, if it is still operational.
Thanks for developing this useful plugin, Richard.
I made some minor modifications to adapt to my use case: blocking certain URLs for users in certain regions. What I’ve done is, in add_model_callback(:application_controller, :before_action), adding some more match rules with request.fullpath, e.g.:
I find that this URL-level geo-blocking works if I access the URL by directly typing it in the browser navigation bar. However, if I navigate to the URL by clicking it from Discourse homepage, this doesn’t work. (but after pressing F5 to refresh the page, it gets blocked.)
Could you give me any advice to fix this issue? Thanks.
You would need to add some Ember code that intercepts the router as well.
However, I think that you would need to take a different approach here. This plugin was not built for such specific filtering.
It would probably work way better to create a separate plugin that has a mechanism to add/remove users to groups based on their geolocation, and then you could leverage the existing group security to restrict or allow access to specific parts of the forum.
Ok thanks for that pointer. I was not factoring in exit nodes and I have no idea where the exit nodes where on the connections, the whats my ip read out was good enough for me, it matched the region/country that was being test geo blocked.
So flip it, I have blocked the zone of the zone I am located in and not used a VPN, use a different device one where I can test both fixed and cellular network, and still nothing happens, no geo block kicks in as expected when dialling in.
Please understand that a proxy, VPN or Tor will always be able to circumvent these kind of mechanisms. The plugin is not supposed to block those. Geo blocking is done either for legal reasons, or to block access for a casual visitor.
Thank you for this great plugin.
If its purpose is to prevent spam or unwanted countries to reach public pages, could it for a private discourse instance prevent bad bots scans as well?
If your instance is private (i.e. login required) then bots cannot access it anyway (unless they would have been specially crafted to create an account and log in).
Scrapers are a different thing, because those steal content. Spam bots that are an issue on public instances are a totally similar issue for private forums. That’s why we have AI scanning content.
For me, geo blocking cuts away a decent amount of unwanted calls and logins. I can use it because I have an all-Finnish forum [1] but a global one can’t use it, of course.
Every knocker increases the load for the web server, but Discourse is different than the PHP-world. A bot can easily do a DDoS type effect to WordPress, and then geo blocking might be one part of the defense strategy. But Discourse is much more immune to that, I guess.
But against spam bots, geo blocking doesn’t help if all countries must be allowed.
Thank you for your reply, Yes indeed they won’t get any data but I still see them in nginx logs and it still generates unwanted connections so I’ve installed this easy tool to ban connections to the vps from certain countries before it even reaches the docker discourse instance GitHub - friendly-bits/geoip-shell: User-friendly and versatile geoblocker for Linux
Yes, that is a great tool. Note that that causes a “hard” block, while the plugin gives you a nice and configurable message that you can show to blocked users.