Pangolin

How to Geo-block with Pangolin

Owen Schwartz
Owen Schwartz
Co-founder & CTO
Cover Image for How to Geo-block with Pangolin

Introducing Native Geo Blocking in Pangolin Cloud

We're excited to announce that Pangolin now supports native geo blocking functionality within our cloud platform and managed instances. This allows you to have granular control over who can access your resources based on their geographic location (country, city, state).

What's New?

Geo blocking can be set up in the rules tab for any of your connected resources, and you'll find a new "Country" option alongside the existing IP and IP range filters. From there, you can create sophisticated access control policies.

You can combine country-based restrictions with other rule types like IP addresses, CIDR ranges, and path matching to create layered security policies that fit your exact needs.

Common Use Cases

Security Hardening: Reduce your attack surface by blocking access from regions with high levels of malicious activity or areas where you don't expect legitimate users.

Resource Optimization: Prevent unnecessary load on your services from regions where you don't operate, helping you optimize performance and costs.

Flexible Configuration Options

Pangolin's geo blocking supports multiple configuration patterns:

  • Allowlist: Create "Allow" rules for approved countries and deny all others
  • Blocklist: Block specific high-risk countries while allowing access from everywhere else
  • Hybrid Policies: Combine geographic restrictions with authentication requirements using "Pass to Auth" actions

The rules process in priority order, giving you fine-grained control over complex access scenarios. For example, you might allow direct access from your headquarters country while requiring authentication from trusted partner countries and blocking access entirely from high-risk regions.

Real-World Example

Here's a typical configuration for a company operating in the US, UK, and Germany:

  1. Priority 1: Allow - Country: United States
  2. Priority 2: Allow - Country: United Kingdom
  3. Priority 3: Allow - Country: Germany
  4. Priority 4: Deny - Country: ALL

This setup provides immediate access for users in your approved regions while blocking everyone else.

Important Considerations

While geo blocking provides valuable security benefits, it's important to remember that IP geolocation isn't always 100% accurate. Users with VPNs, proxies, or mobile networks may appear to be from different countries than expected. We recommend testing your rules thoroughly and considering how legitimate users might be affected.

Previous Article

Cover for Managed self-hosted: what is it, and why?

Managed self-hosted: what is it, and why?

Learn about our new managed self-hosted offering, which combines the best of self-hosted and cloud solutions.