We're looking at deploying CloudFlare as a WAF for our site. One of the requirements is that we restrict access to the site from outside North America. Fortunately, CloudFlare supports GeoLocation, and stamps requests to the origin server with a location header.
Now, however, I need to figure out how to whitelist countries. Ideally, I'd like to specify CA
and US
or whatever as permissible values, and reject everything else, but in IIS, it seems to only support blacklisting.
Is there a way to do this in IIS alone, or does anyone know of a third part module that does this?