Skip to main content

Country and IP Restrictions

Dana Anderson
  • Updated

 

Country Restriction

Geolocation allows the administrator to block incoming connections coming from a geographic location. 

For this feature to work correctly you must signup for an account at ipstack.com*

Before you configure Geolocation to block a country, make sure to evaluate the geographic location of where your users are connecting from.

 

mceclip1.png

 

 

Configure Geolocation

Use HTTPS Connection (Premium Ipstack account required) When enabled IPstack will transmit over HTTPS.
Ipstack Geolocation API Access Key Signup for an account* at Ipstack.com and enter your ipstack.com provided API Access Key here.
Country Geolocation Authorization Mode

This setting controls how connections from countries are authorized when geolocation is enabled.

When Allow Countries is selected, connections will be allowed if they come from a country on the list.

If Deny Countries is selected, connections will always be blocked if they come from a country on the list.
On Geolocation Service Failure

This setting controls what happens when the server is unable to reach or get a valid response from the geolocation service.

If Allow Connections is selected then the connection will be allowed to skip the country block check.

If Deny Connection is selected, the connection will always be blocked if a response is not received from the geolocation service.
Test  Validate your Ipstack API key. 

 

* A free Ipstack API key includes 100 requests per month, we recommend upgrading to a premium plan.

 

How to use Geoblocking

Administrators can zoom in and select countries on the world map, or type a country into the country edit control to get a drop-down list of available matching countries that they can easily select.

 

country_restrictions.jpg

 

IP Firewall Management

IP Manager allows an administrator to selectively allow or deny access to the FTP server based on IP address. The IP manager functions in one of two policy modes, either denying any IP addresses listed from logging into Cerberus FTP Server (functioning as a Deny List) or only allowing IP addresses listed to log in (an Allow List).

 

map.jpg

 

The IP list shows the IP address or IP address range and how long that address or address range is blocked. Possible options for block time are “Forever” (Deny mode), “Never” (Allow mode)

 

Adding a single IP address to the IP manager policy

IP addresses can be managed individually, or whole ranges of addresses can be affected by the current policy. To add a single address to the current policy, select new and the “Add An IP Range” dialog will appear. Then, enter the IP address you wish to add to the first IP address box. Finally, click the “Add” button immediately below the IP address box.

IP_Range.jpg

Adding a range of IP addresses to the IP manager policy

To add a range of addresses, select New, and the “Add An IP Range” dialog will appear. Then, enter the beginning IP address in the “IP From” box and the ending IP address in the “IP To” box. The range will be interpreted as a contiguous range of addresses to block or allow. Finally, click the Add button immediately below the IP address box.

CIDR Support

You can also enter a range of IP addresses in CIDR notation using the CIDR edit box. You can enter one CIDR range or multiple CIDR ranges. To enter multiple CIDR ranges, separate each CIDR range with a space or comma. The CIDR address will be converted to a contiguous range and added to the IP Manager list.

Deleting IP addresses from the current policy

You can also delete an IP address or a range of IP addresses by right-clicking on the selected IP and selecting “Delete” from the menu that appears. Note: You can also select and delete multiple items at once from the IP manager by ctrl or shift-clicking multiple items in the list box.

Searching for an IP address

You can use the “Filter” button at the top of the IP list box to search for an IP address in the list box. Start typing and the filter will select the first IP address or range of IP addresses containing the IP address you are searching for.

Importing a .CSV of IP addresses

A new feature added in 2024.2 is the ability to import .CSV files that contains a list of IP addresses to be added onto the current IP Firewall Management list. An 'Import' button, located on the right side of the IP Firewall Management page (next to the New button), facilitates this feature. This provides an alternative to the existing 'New' button, which permits the manual addition of a single IP or an IP Range to the IP list. Find our blog post here for more information:

 

Related articles

Comments

1 comment

Date Votes
  • Christopher

    Would be nice to also see support for a local database, like Maxmind MMDB, that way, we dont need to pay another 3rd party.

    0

Please sign in to leave a comment.