brent saner via plug on 30 Nov 2020 13:19:44 -0800



Re: [PLUG] Reverse Proxy based on GeoIP


If you're doing it for perceived (client-side) performance/responsivity:

https://www.medianova.com/en-blog/2016/10/26/what-is-anycast-dns


If you're doing it for restricting content/access:

https://en.m.wikipedia.org/wiki/Split-horizon_DNS



sent from my toaster.

On Mon, Nov 30, 2020, 16:04 Thomas Delrue via plug <plug@lists.phillylinux.org> wrote:
Hi,

I have a peculiar scenario that I'm trying to get to work and I just
can't wrap my mind around how.

Let's say I have two distinct servers, serving respectively
- a.com
- b.com
I own both a.com and b.com as domain names and for all intents and
purposes, the content on those sites is static and served over HTTPS.

Both these websites are publicly available and are /different/ sites.
They are also hosted by third parties and so not easily changed (for all
intents and purposes, assume these cannot be changed).

Here's the tricky (or sneaky, if you will) thing I'd like to do:

Anyone going to a.com - from anywhere in the world - should see a.com
EXCEPT when they are coming from Country 'foo', 'bar', or 'qux'(*).
Those, and only those, should be redirected to b.com.

So if I come from country blah, and enter a.com in my address bar, then
I do indeed see a.com.
HOWEVER, if I come from any one country in {foo|bar|qux}, and I enter
a.com, I should be redirected to b.com (and my address bar should show
b.com). In this last case, it's totally OK for this to be a totally
clean redirect/hand off from the reverse proxy serving a.com to the
server serving b.com.

My initial thought was to set up a new server to act as a reverse proxy
and make the DNS record(s) for a.com point to that reverse proxy and
where I go from there is where I get stuck...

I know that with NGINX, you can do reverse proxying. That's standard stuff.

I know you can do reverse proxying based on originating IP, but to the
best of my understanding, that's limited to hard-coded IPs (i.e. if you
come from 1.2.3.4, redirect to uat.env.com, but if you come from
3.4.5.6, then direct to dev.env.com, etc...).

So this is my first blocker: is what I'm asking (i.e. turn those hard
coded IP addresses into GeoIP countries) even doable, be it this
suggested way or even at all? Has anyone done something like this and
care to share their solution?

And then on top of that: am I even thinking about this properly or is
there another solution that I'm totally missing?

Thanks

(*) I am aware of some inaccuracies in GeoIP mapping of IP to country; I
can live with those inaccuracies as long as 'generally' it works.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug