How to Block Clients by Country and Geolocation on Heroku
Why you might need this
On the global internet, attacks can originate from any country. Often, a disproportionate share of attacks comes from countries whose users you are not trying to attract (for subject or language reasons).
Blocking countries from connecting to your site is often an easy way to reduce the overall number of attacks against it.
Prerequisites
What you need to get started:
- The Expedited WAF add-on is set up in front of your application.
How To Block Countries from Heroku
You can block requests from individual countries to reduce the incidence of fraud or other malicious interactions.
Blocking POST requests
Blocking POST requests helps prevent malicious actions like brute-force login attempts, form hijacking (where additional fields or files are added into a form), and possible manipulation of application rules.
On the Block Bots page of your Expedited WAF dashboard, select the Country from POSTing option, and a list of countries to choose from will appear.
Blocking GET requests
Blocking GET requests can stop certain forms of DDoS attacks, vulnerability scans, and fraud attempts.
On the Block Bots page, select the Country from GETing option, and a list of countries to choose from will appear.
Notes
- You can review which countries are launching attacks in the dashboard and then block the prominent ones.
Resources
Learn more about Geolocation filtering.