The Firewall service deploys various heuristic checks and methods to protect your site. One of our most popular security settings, and questions, utilizes geolocation in order to protect and filter requests made to your site depending on where that user/client is. This setting is our ‘GeoBlock’ feature. How does the firewall GeoBlock? With geolocation information is gathered from the users browser.
What is geolocation?
Geolocation is the process of identifying the geographical location of a person based on the digital information given off by their internet-connected device. While several technologies can be used to determine a person’s geolocation, the most reliable way is to use their IP address. The following details can be gathered from knowing one’s IP address:
- Region state or province
- Latitude and longitude
- Time zone
- Postal code
- Issuing Authority, which may differ from location of the IP
However, with various methods and tools users can spoof/fake their geolocation. We’ll touch more on how later in the article.
What do people use geolocation for?
Geolocation can also be used for a wide variety of reasons, marketing, advertisement, and what we are seeing more commonly now – anonymity. For example, I have several friends who (when abroad) will use a VPN connection to make it appear they are in the United States so they can watch their favorite Netflix series despite not being in the local region the show is allowed to broadcast in.
Geolocation and IP addresses
It is important to mention that IP addresses were never meant to designate a geographical location. Geolocation is based on IP address databases, and there are over 4 billions IPv4 addresses in use. One can only imagine how hard it is to keep the ownership status updated.
An IP address that belonged to a US company yesterday could today be owned by a Chinese company, for example. Until all changes are done to transfer the IP address ownership, the databases need to re-scan the IP address with the entity responsible for it.
The process takes time and therefore decreases the efficiency of a country block tool somewhat. IP database vendors such as MaxMind work hard to keep the IP databases always up to date, but unfortunately it is not “bulletproof” in a manner of speaking, although it does offer a great level of accuracy. IP addresses are also distributed by RIPE, IANA and ICANN.
How accurate is this information, you may ask? Companies like MaxMind, for example, test the accuracy of their data used in GeoIP2 products and services. As seen here, I would like to note that the firewall’s AnyCast Network also works to keep EU traffic in the EU. This assists clients in maintaining GDPR Compliance.
Now that we have that information out of the way, I would like to touch on some questions we hear a lot from our clients. These can be broken down into three categories:
- What is GeoBlocking and GeoFencing?
- Can using a VPN to change my location affect my Google Analytics?
- What is IPv6 compared to IPv4 and how accurate are these in determining location?
GeoBlocking and GeoFencing
Being able to determine the location of the user is how most web applications choose to either allow or deny access. GeoBlocking is a ruleset that disallows a specific area/region from being able to access your site. For example, if an ecommerce site doesn’t ship or sell outside of the US, there is no reason to allow any region other than the US to view your site.
Geofencing, on the other hand, is a practice to further permit or restrict connections. Remember my Netflix example from before? This is geofencing; they deploy this by permitting or blocking the user based on the subscriber’s country of origin on their source IP address.
VPN’s Impact on Google Analytics
Here I will answer some common questions that all relate to this topic:
How can VPN browsers significantly affect my analytics?
The answer, in almost every case, is close to none. I’ll explain how further in my next point.
Will using a VPN block me from my site if I enable ‘Block anonymous proxies and the top three attack countries’ setting within my Sucuri account?
No, secure browsing using VPNs still utilizes and stores visitor data via cookies. VPN users still use popular browsers such as Chrome, Firefox, Safari, MS Edge, and IE. The only portion that can change is the geolocation data due to VPN’s rerouting of the user IP address. This is how analytic services are not affected by secure browsing.
How do I block anonymous browsing over secure browsing?
Anonymous browsing is very different from secure browsing using VPNs, as mentioned previously. Users who want to achieve this have to install third-party software such as TOR, I2P, or Freenet in order to achieve anonymous browsing. This makes it very difficult for services such as Google Analytics to produce accurate results. If you are worried about receiving this type of traffic, the option to block anonymous browsers are under our ‘security options’.
IPv6 vs IPv4
IPv6 is the successor to the IPv4 standard, which suffers from the problem of exhaustion of available addresses. IPv6 solves this problem by using a 128-bit address instead of IPv4’s 32-bit address, which yields a possible pool of IPv6 addresses that is more than 7.9 x 10^28 the pool of IPv4 addresses; in other terms, assigning an IPv6 to every atom in existence.
We are still seeing the very beginning of the use as well as the translation of IPv6 to geolocation as some tests / services are only beginning to support IPv6. Services such as MaxMind, DigitalElement, and IP2Location have been on the forefront of translating IPv6 to geolocations.
The Sucuri website firewall has a geolocation filter that can be activated in order to protect your website from getting unwanted traffic. Feel free to contact us via chat or social media if you want to know more about how our geoblock feature works. Sign up to our blog feed to be on top of the latest website security news.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .