-1

What are the better ways of filtering access to the web application based on Geographical location. Is it possible with a network layer firewall or we need an application layer?

Ali Ahmad
  • 4,784
  • 8
  • 35
  • 61
N'Kauh Nathan-Régis Bodje
  • 269
  • 2
  • 4
  • 1
    I think this question can be merged with http://security.stackexchange.com/questions/1358/what-tools-are-available-to-identify-which-country-a-specific-ip-address-is-loca – Ali Ahmad Dec 27 '12 at 06:15

2 Answers2

3

Filtering in a network firewall will give you a better performance (benchmark to see how much faster it is). Filtering in the application will give you greater flexibility, including notifying people that you don't support access from their country. It's easy to do such a thing from the application, but to do this at a network layer, you need to redirect all new 80/TCP connections, coming from unwanted countries, to a different HTTP server, which will then serve a static webpage explaining the situation. You have to decide what is more important for your particular situation.

Matrix
  • 3,988
  • 14
  • 25
0

You can also use free reverse proxy solution that support IP/Geo filtering.

This will be both faster and more user friendly (will combine the advantages of higher level filtering with the ability to present error messages)

Igal Zeifman
  • 563
  • 3
  • 8