Restricting Access by Country

Applies To:

HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS.

HTTP SmallLegacy. If you are currently serving traffic over this platform, then you may continue to do so. However, we recommend that you serve your traffic over our more robust HTTP Large platform.

ADNThe Application Delivery Network platform has been optimized to deliver dynamic content (e.g., login credentials, account information, etc.) over HTTP or HTTPS. Typically, user-specific and database-driven content are served over this platform.

TBAThe Token-Based Authentication feature enforces authentication prior to content delivery. Authentication takes place via an encoded token value that must be included in the request URL. This token value is then decrypted on an edge server. The requested content will only be delivered when the user meets the requirement(s) defined in the token.

The Allow Country (i.e., ec_country_allow) and the Deny Country (i.e., ec_country_deny) parameters may be used to restrict access by the country from which the request originated.

Restriction	Parameter	Description
Allow	ec_country_allow	This parameter only allows requests that originate from one or more specified countries. Requests that originate from all other countries will be denied access.
Deny	ec_country_deny	This parameter denies requests that originate from one or more specified countries. Requests that originate from all other countries will be allowed.

An alternative method for restricting access by country is the Country Filtering feature. This feature, which is supported on the HTTP Large, HTTP Small, and the ADN platforms, is available from the Country Filtering page. The Country Filtering feature is applied to all platform-specific traffic and therefore doesn’t require the use of tokens, which reduces setup time.
Learn more.

Key information:

These parameters may be set to any two-letter ISO 3166 country code.

View a list of valid country codes.
Specify multiple countries by separating each country code with a comma (as shown below).
US,GB,MX,FR
- Do not add a space when delimiting countries. Country codes that are preceded by a space will be excluded from a token’s requirements.
Country codes are case-insensitive.
In the atypical scenario where a token contains both the Allow Country and the Deny Country parameters, the Allow Country parameter (i.e., ec_country_allow) takes precedence over the Deny Country parameter (i.e., ec_country_deny).

Sample Scenario

Set the Allow Country parameter to the following value to only allow requests from the United States, Mexico, and Canada:

ec_country_allow=US,MX,CA

A request submitted from any other country will be denied if it leverages a token generated using the above parameter.