Anyone have any creative uses for geolocation they would be willing to share? Any gotchas besides that it won't work against the local DB?
I'm thinking more from a logging perspective where we can see how many hits went to a certain country, what was the reputation of those links at a certain country, how many blocked hits based on a certain country.
Any chance you could put the templates and the rules that you are using for geolocation blocking and collecting that information in the logs? I have gotten it to block based on geolocation, but right now only the two-digit country code is listed and not the full name. Also, the location of the geolocation country code to full name list would be helpful. I had it saved but screwed up and deleted the link.
Attached are rules and pages.
The rules do a CloudOnly lookup and assign the results to a variable:
|Enabled||Block sites in GeoBlacklist|
1: URL.Geolocation<CloudOnly> is in list GeoLocationCodes
2: AND List.OfString.IsEmpty(GeoLocationNames) equals false
|Continue||Set User-Defined.Geolocation = URL.Geolocation<CloudOnly>|
The condition "List.OfString.IsEmpty(GeoLocationNames) equals false" is used strictly for attaching the list of full country names to the ruleset for export/import and does not do anything by itself.
I have a list of countries I want to ban, and they will block if there is a match:
|Enabled||Block sites in GeoBlacklist|
1: User-Defined.Geolocation is in list GeoBlacklist
I also included reputation checking in this rule set because we already are doing the lookup, so why not. It is optional.
|Enabled||Block Bad Reputation Sites|
1: URL.ReputationString<CloudOnly> equals "High Risk"
2: OR URL.IsHighRisk<CloudOnly> equals true
The real meat is on the block page. It may not import exactly, but there is a list of images with the flags, each with its country symbol (US.gif, GB.gif, CA.gif, etc.). Import those to the img/ folder.
Then, the HTML on the block page itself may or may not work as imported. You may have to adjust the references to the properties.
There is a section that displays the flag, you may have to adjust:
<img src='$Proxy.EndUserURL$/files/default/img/button_$String.ReplaceAll(URL.ReputationString<MostRecent>," ","")$.gif' />
When you add that property, make sure the Most Recently Used Settings is checked for URL.Reputation.
Then you want to display the full country name, you have to use:
Basically, it takes the 2-digit country and uses it as an index in the CountryNames list to get the full country name.
(I did not attach the logging rules. You must enter them yourself.)
And finally in the logs, I have a field in my access.log that appends the full country name to the Geolocation variable:
1: User-Defined.Geolocation does not equal "Unknown"
|Continue||Set User-Defined.Geolocation = |
Set User-Defined.Geolocation = String.ReplaceIfEquals(User-Defined.Geolocation,"-Unknown","Unknown")
And print the Geolocation in the access log:
" "" +
"" " +
Still having problems displaying the full country name in the block page. It is coming up as Geolocation: (two_letter_country_code) flag.img. I am missing something somewhere.
When you view the source of the block page, the flag image should be substituted as:
You said ".img", not ".gif", in your post.
Good stuff! With regards to your report, is that bytes sent? So geolocation info will only show up if you use real time GTI lookups, and not the local DB?
Web Reporter does Bytes from Server by default I think.
Geolocation only shows up with a CloudOnly lookup. We don't download and maintain the IP list for countries on box.
In practice, I might craft the overall rules to do a local lookup against categories that I want to block, then for uncategorized sites do the CloudLookup with Geolocation. That means you won't get countries in the logs for things in the local database, but will for the sites that are not local.
Does that make sense?
Is it possible to match the Connection.IP with the Geolocation data, e.g. in a reverse proxy environment, to block access from specific countries?