How do I block countries from accessing my CDN pull zone?

Introduction

bunny.net is a global content delivery network (CDN) offering users the ability to accelerate their content and applications to users worldwide. In some cases, users may want to block access to a pull zone from a specific country due to legal, regulatory, or other reasons. This article will guide you through the process of blocking access to a pull zone from a specific country using the bunny.net dashboard and provide an explanation of how the block is applied.

Prerequisites

Before proceeding, ensure that you have the following:

  • A bunny.net account. If you don't have one, sign up here.
  • An active pull zone. If you haven't created one yet, follow the instructions in this guide.

Blocking Access to a Pull Zone from a Specific Country

We allow users to block access to specific countries, using our easy to use option in the Bunny Dashboard.

You should first login to your account, and then click the 'Delivery' drop down on the left hand side. Within this drop down, please click 'CDN' and then click on the respective pull zone that you wish to configure.

LOj7jlsF0p.png

Following this, please click the 'Traffic Manager' option shown within the sub-menu for pull zone configuration.

Mc041hvXa7.png

You will then be greeted with a map, as well as two options for 'Redirected countries' and 'Blocked countries'.

Redirected countries allows you to redirect user requests to the most affordable possible pricing region, which is North America / Europe. This could theoretically allow you to enable more expensive regions, such as Asia, but only let traffic flow to Asian PoP's from specific countries that you wish to have better performance.

Blocked countries will completely block access to your pull zone at a DNS level. This will cause DNS requests to the pull zone from the given country to return IP address '127.0.0.1' - therefore blocking the connection to the CDN and presenting a connection error to the user. 

You can enable these options by clicking the map, or using the drop downs available under each option.

1dT5SQD0Q5.gif

How the Country Block Works

We detect user location for this feature by geolocating the provided eDNS IP address of the end user. This is done by using the MaxMind GeoIP2 database. If the DNS resolver does not provide an eDNS IP address, we geolocate the DNS resolver IP address itself.

If the location data matches, we then return '127.0.0.1' as the IP address of the hostname - which in turn simulates blocked access to the zone. This does not come at any additional cost to our users, and prevents any HTTP request from being logged on the given pull zone.

Conclusion

Blocking access to a pull zone from a specific country using the bunny.net dashboard is a straightforward process that allows users to comply with legal, regulatory, or other requirements. By following the steps outlined in this article, you can effectively restrict access to your content based on a user's country of origin. Keep in mind that while IP-based blocking is widely used, it may not be foolproof due to the potential for users to bypass the restrictions using VPNs or proxies.

Table of Contents

Was this article helpful?
2 out of 3 found this helpful