Geofencing

Nova ADCs automatically insert the X-Nova-Country header to allow your upstreams to tell which country the client connected from. We use a 2 character country code for thing, e.g. US, ZA, GB, etc.

Default Allow

In Default Allow mode Geofencing will block users from the country list you provide. If you were to add Russia to the list for example, it would then be blocked from accessing your sites.

Screenshot

Default Deny

Opposite to the above, Default Deny will prevent all users from accessing the ADC and its upstreams, except for the countries in the list. If you added United States and Canada to the list only those two countries would be able to access the servers behind Nova.

Geofencing Use Cases

Geofencing allows you to prevent abuse from a country that you may be suffering a brute force or DoS attack from. Conversely, it allows you to only allow a specific country in the event that you know all your users are from a set of locations.

Remember that geofencing is done via country based IP lists, and is not an exact science. There can be incorrect ranges.

Sanction Enforcement

It is very easy to enforce sanctions using the Nova Geofencing function. For example, US companies may want to set it to Default Allow, but block access from Iran, Syria, Cuba and Sudan. You can easily apply these rules on your ADC and prevent all access from those locations.

This site or product includes IP2Location LITE data available from https://www.ip2location.com.