How to Geo-block with Pangolin

August 29, 2025

We're excited to announce that Pangolin now supports native geo blocking functionality within our cloud platform, remote node instances, and self-hosted editions. This allows you to have granular control over who can access your resources based on their geographic location (country, city, state).

What's New?

Geo blocking can be set up in the rules tab for any of your connected resources, and you'll find a new "Country" option alongside the existing IP and IP range filters. From there, you can create sophisticated access control policies.

You can combine country-based restrictions with other rule types like IP addresses, CIDR ranges, and path matching to create layered security policies that fit your exact needs.

Common Use Cases

Security Hardening: Reduce your attack surface by blocking access from regions with high levels of malicious activity or areas where you don't expect legitimate users.

Resource Optimization: Prevent unnecessary load on your services from regions where you don't operate, helping you optimize performance and costs.

Flexible Configuration Options

Pangolin's geo blocking supports multiple configuration patterns:

Allowlist: Create "Allow" rules for approved countries and deny all others
Blocklist: Block specific high-risk countries while allowing access from everywhere else
Hybrid Policies: Combine geographic restrictions with authentication requirements using "Pass to Auth" actions

The rules process in priority order, giving you fine-grained control over complex access scenarios. For example, you might allow direct access from your headquarters country while requiring authentication from trusted partner countries and blocking access entirely from high-risk regions.

Real-World Example

Here's a typical configuration for a company operating in the US, UK, and Germany:

Priority 1: Allow - Country: United States
Priority 2: Allow - Country: United Kingdom
Priority 3: Allow - Country: Germany
Priority 4: Deny - Country: ALL

This setup provides immediate access for users in your approved regions while blocking everyone else.

Important Considerations

While geo blocking provides valuable security benefits, it's important to remember that IP geolocation isn't always 100% accurate. Users with VPNs, proxies, or mobile networks may appear to be from different countries than expected. We recommend testing your rules thoroughly and considering how legitimate users might be affected.

About Pangolin

Pangolin is an open-source infrastructure company that provides secure, zero trust remote access for teams of all sizes. Built to simplify user workflows and protect critical systems, Pangolin helps companies and individuals connect to their networks, applications, and devices safely without relying on traditional VPNs. With a focus on device security, usability, and transparency, Pangolin empowers organizations to manage access efficiently while keeping their infrastructure secure.

Stop managing networks. Start managing access.

Try for free Get a demo

Keep reading

How Pangolin Works

Pangolin is a zero-trust access platform that provides secure, identity-centric access to applications and infrastructure - without opening firewall ports or deploying traditional VPNs. Let's walk through how the system works.

Product

March 8, 2026

Comparison - Pangolin vs. Zscaler

How a self-hostable open-source access platform and an enterprise cloud security suite differ in architecture, traffic routing, deployment, and fit.

Product

March 3, 2026

Pangolin 1.16 - SSH with certificate-based authentication, PAM integration, and seamless terminal access

Managing SSH keys across teams is a nightmare. With version 1.16, Pangolin eliminates that pain entirely with certificate-based SSH authentication, just-in-time user provisioning via PAM, and terminal access that just works.

Product

February 27, 2026