Introducing Native Geo Blocking in Pangolin Cloud
We're excited to announce that Pangolin now supports native geo blocking functionality within our cloud platform, remote node instances, and self-hosted editions. This allows you to have granular control over who can access your resources based on their geographic location (country, city, state).
What's New?
Geo blocking can be set up in the rules tab for any of your connected resources, and you'll find a new "Country" option alongside the existing IP and IP range filters. From there, you can create sophisticated access control policies.
You can combine country-based restrictions with other rule types like IP addresses, CIDR ranges, and path matching to create layered security policies that fit your exact needs.
Common Use Cases
Security Hardening: Reduce your attack surface by blocking access from regions with high levels of malicious activity or areas where you don't expect legitimate users.
Resource Optimization: Prevent unnecessary load on your services from regions where you don't operate, helping you optimize performance and costs.
Flexible Configuration Options
Pangolin's geo blocking supports multiple configuration patterns:
- Allowlist: Create "Allow" rules for approved countries and deny all others
- Blocklist: Block specific high-risk countries while allowing access from everywhere else
- Hybrid Policies: Combine geographic restrictions with authentication requirements using "Pass to Auth" actions
The rules process in priority order, giving you fine-grained control over complex access scenarios. For example, you might allow direct access from your headquarters country while requiring authentication from trusted partner countries and blocking access entirely from high-risk regions.
Real-World Example
Here's a typical configuration for a company operating in the US, UK, and Germany:
- Priority 1: Allow - Country: United States
- Priority 2: Allow - Country: United Kingdom
- Priority 3: Allow - Country: Germany
- Priority 4: Deny - Country: ALL
This setup provides immediate access for users in your approved regions while blocking everyone else.
Important Considerations
While geo blocking provides valuable security benefits, it's important to remember that IP geolocation isn't always 100% accurate. Users with VPNs, proxies, or mobile networks may appear to be from different countries than expected. We recommend testing your rules thoroughly and considering how legitimate users might be affected.