[PLUG] Reverse Proxy based on GeoIP

Thomas Delrue via plug on 30 Nov 2020 13:04:29 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Reverse Proxy based on GeoIP

From: Thomas Delrue via plug <plug@lists.phillylinux.org>
To: PLUG Mailing List <plug@lists.phillylinux.org>
Subject: [PLUG] Reverse Proxy based on GeoIP
Date: Mon, 30 Nov 2020 16:04:18 -0500
Reply-to: Thomas Delrue <thomas@epistulae.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0

Hi,

I have a peculiar scenario that I'm trying to get to work and I just
can't wrap my mind around how.

Let's say I have two distinct servers, serving respectively
- a.com
- b.com
I own both a.com and b.com as domain names and for all intents and
purposes, the content on those sites are static and served over HTTPS.

Both these websites are publicly available and are /different/ sites.
They are also hosted by third parties and so not easily changed (for all
intents and purposes, assume these cannot be changed).

Here's the tricky (or sneaky, if you will) thing I'd like to do:

Anyone going to a.com - from anywhere in the world - should see a.com
EXCEPT when they are coming from Country 'foo', 'bar', or 'qux'(*).
Those, and only those, should be redirected to b.com.

So if I come from country blah, and enter a.com in my address bar, then
I do indeed see a.com.
HOWEVER, if I come from any one country in {foo|bar|qux}, and I enter
a.com, I should be redirected to b.com (and my address bar should show
b.com). In this last case, it's totally OK for this to be a totally
clean redirect/hand off from the reverse proxy serving a.com to the
server serving b.com.

My initial thought was to set up a new server to act as a reverse proxy
and make the DNS record(s) for a.com point to that reverse proxy and
where I go from there is where I get stuck...

I know that with NGINX, you can do reverse proxying. That's standard stuff.

I know you can do reverse proxying based on originating IP, but to the
best of my understanding, that's limited to hard-coded IPs (i.e. if you
come from 1.2.3.4, redirect to uat.env.com, but if you come from
3.4.5.6, then direct to dev.env.com, etc...).

So this is my first blocker, is what I'm asking (i.e. turn those hard
coded IP addresses into GeoIP countries) even doable, be it this
suggested way or even at all? Has anyone done something like this and
care to share their solution?

And then on top of that: am I even thinking about this properly or is
there another solution that I'm totally missing?

Thanks

(*) I am aware of some inaccuracies in GeoIP mapping of IP to country, I
can live with those inaccuracies as long as 'generally' it works.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Reverse Proxy based on GeoIP
  - From: brent saner via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] IoT Unravelled: parts 1 to 5
Next by Date: Re: [PLUG] Reverse Proxy based on GeoIP
Previous by thread: [PLUG] Getting an IPv6 address with DHCP
Next by thread: Re: [PLUG] Reverse Proxy based on GeoIP
Index(es):
- Date
- Thread