Can ipinfo block just regions within a country? If so, how would that work?
2 Likes
Hi! Thank you for posting. Sorry for the late reply. I was out of the office for a few days.
Can ipinfo block just regions within a country? If so, how would that work?
This is a fantastic question. IPinfo can provide the data to block/allow regions within a country in three ways.
Frontend level access control with clientside JavaScript - (Easiest Solution)
For the frontend level access control, you can use our free IP to Geolocation API service to identify your visitor’s IP geolocation.
You embed a client-side javascript code that calls our API from the user’s browser and uses the user’s IP address to provide you with their geolocation context. You don’t have to get the IP address of the visitor you just need to make a call to IPinfo’s API.
Here is an article that achieves a similar goal: IP geolocation in Javascript (ipinfo.io)
Essentially, you need to embed a javascript function into your code that calls the IPinfo API on load. Then, it returns the API response in the following format:
{
"ip": "76.131.133.41",
"hostname": "c-76-131-133-41.hsd1.co.comcast.net",
"city": "Aurora",
"region": "Colorado",
"country": "US",
"loc": "39.7378,-104.8152",
"org": "AS7922 Comcast Cable Communications, LLC",
"postal": "80011",
"timezone": "America/Denver",
"readme": "https://ipinfo.io/missingauth"
}
From here, you get the region field from the response (response['region']), and you look up the list of whitelisted or blacklist regions.
Protip: if you just want the region, you can call the
/regionsubURL. E.g:https://ipinfo.io/76.131.133.41/region
Try out this JS fiddle: JSFiddle - Code Playground
The JS fiddle uses country-level blocking. Please kindly change the line: const apiKey = 'YOUR_API_KEY'; and add your IPinfo access token. Also, if you are using an adblocking extension, you need to disable it.
When a user visits from the blacklist region, you can:
- Modify the HTML page to hide the content
- Not make subsequent requests to show the content
It is the easiest solution, but the issue is that you have to embed your IPinfo access token on the client side so you should create a whitelist domain filter from your dashboard (see: Securing your IPinfo token on the frontend - Docs / API - IPinfo Community). Another issue is that the API call to IPinfo might get blocked for some reason or some extension. In that case, you should have an alternative plan. Please test out your solution thoroughly.
Backend-level access control with the API - (Recommended Solution)
This is another great approach to region control. Unlike your client-side solution, where you call the IPinfo API without providing an IP address, here you must get the visitor’s IP addresses and look up the IP geolocation information by using the user’s IP address.
In the backend solution, you can get the IP address of your visitor from the request header.
Here is a solution for getting the IP address of a visitor using Node.JS
const express = require('express');
const app = express();
app.get('/', (req, res) => {
const clientIP = req.ip; // This gets the client's IP address
res.send(`Your IP address is: ${clientIP}`);
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
Then you use the clientIP to either call the API directly (https://ipinfo.io/${clientIP}?token=${apiKey}) or you can use the NodeJs library or the express library.
If you implement this solution, you use our library of official libraries to use our API that supports things like caching and internationalization.
This is a great solution as the API calls will not get blocked, you don’t have to embed your access token on the front end, and you have much more robust control of blocking users.
It is a much more effective usage of our API. The drawback is that the free tier IP geolocation provides 50,000 requests/month. So, if you are getting a lot of traffic, you may need to upgrade to a paid tier to increase your request limit. I recommend you use caching effectively to reduce your usage of monthly API limits.
Backend-level access control with the IP geolocation database - (High Traffic Solution)
The two methods I discussed above use our Free IP Geolocation API service. This is a IP to Geolocation database solution and usually deals with massive amounts of traffic, like millions of site visits per month. Let me know if you want to know about it, though.
Let me know what you think. I have not discussed the region-blocking mechanism. But if you have the data from IPinfo, region blocking code isn’t very difficult to write.