[TriLUG] Reverse Proxying and redirecting based on GeoIP
Thomas Delrue via TriLUG
trilug at trilug.org
Mon Nov 30 16:05:12 EST 2020
Hi,
I have a peculiar scenario that I'm trying to get to work and I just
can't wrap my mind around how.
Let's say I have two distinct servers, serving respectively
- a.com
- b.com
I own both a.com and b.com as domain names and for all intents and
purposes, the content on those sites are static and served over HTTPS.
Both these websites are publicly available and are /different/ sites.
They are also hosted by third parties and so not easily changed (for all
intents and purposes, assume these cannot be changed).
Here's the tricky (or sneaky, if you will) thing I'd like to do:
Anyone going to a.com - from anywhere in the world - should see a.com
EXCEPT when they are coming from Country 'foo', 'bar', or 'qux'(*).
Those, and only those, should be redirected to b.com.
So if I come from country blah, and enter a.com in my address bar, then
I do indeed see a.com.
HOWEVER, if I come from any one country in {foo|bar|qux}, and I enter
a.com, I should be redirected to b.com (and my address bar should show
b.com). In this last case, it's totally OK for this to be a totally
clean redirect/hand off from the reverse proxy serving a.com to the
server serving b.com.
My initial thought was to set up a new server to act as a reverse proxy
and make the DNS record(s) for a.com point to that reverse proxy and
where I go from there is where I get stuck...
I know that with NGINX, you can do reverse proxying. That's standard stuff.
I know you can do reverse proxying based on originating IP, but to the
best of my understanding, that's limited to hard-coded IPs (i.e. if you
come from 1.2.3.4, redirect to uat.env.com, but if you come from
3.4.5.6, then direct to dev.env.com, etc...).
So this is my first blocker, is what I'm asking (i.e. turn those hard
coded IP addresses into GeoIP countries) even doable, be it this
suggested way or even at all? Has anyone done something like this and
care to share their solution?
And then on top of that: am I even thinking about this properly or is
there another solution that I'm totally missing?
Thanks
(*) I am aware of some inaccuracies in GeoIP mapping of IP to country, I
can live with those inaccuracies as long as 'generally' it works.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://www.trilug.org/pipermail/trilug/attachments/20201130/26cec301/attachment.pgp>
More information about the TriLUG
mailing list