0

I need to restrict access to a website because of countries regulations. I know that Hosting providers or CDNs/Webservers like Cloudflare or NGINX can do that for me and is probably the best approach (?) but I think only if the website needs to scale and since it has small expected traffic I'd like to just implement it myself for the start.

This question is not about how to get the users IP or how to use geolocation APIs with that IP. It is about how to design the backend to deny or grant access to the website for the clients.

  1. Do I need to do it on every request to the server ? If yes should I just write middleware that rejects the request if it is a blocked coutry or put that logic somewhere else ?
  2. Or can I do it once and then just "remember" it somehow for that client (how reliable would that be/ could that be abused ?).

I just dont want to build a super stupid design where I affect the performance of the backend just for a simple task like that.

Thank you in advance.

NicoLS
  • 27
  • 4
  • It depends on the API of your choice. Some companies do not allow you to cache the geolocation responses, so you may have to send a geolocation request for every request to your website. – Harun Yilmaz Jan 19 '23 at 10:34
  • @HarunYilmaz thank you for the response, can you elaborate on that I don't quite understand what you mean. Do you mean if I get the users IP and query a geolocation API to determine where their're at, the API provider can prohibit me caching its response ? – NicoLS Jan 19 '23 at 11:02
  • Some of the API providers explicitly tells that it's not allowed to cache the responses of the calls to their APIs. You can technically cache them but it might be against the terms and conditions which may cause legal issues. – Harun Yilmaz Jan 19 '23 at 12:56

0 Answers0