Recipe: GeoIP blocking policy
Block or allow traffic based on geographic origin using Meridian's built-in GeoIP engine. No third-party services required.
Step 1 — Enable GeoIP resolution
# meridian.yaml geoip: enabled: true database: maxmind_geolite2 refresh_interval: 168h
Meridian ships with an embedded MaxMind GeoLite2 database. Updates are fetched weekly.
Step 2 — Define a blocking rule
# meridian.yaml
rules:
- name: block-high-risk-regions
match:
geoip_country:
- RU
- KP
- IR
action: deny
response:
status: 403
body: "Access denied from your region."Step 3 — Apply and verify
meridian apply meridian test --source-ip 185.12.34.56
The test command simulates a request from the given IP and reports which rule matched.
Allowlist override
You can exempt specific IPs or CIDR ranges from GeoIP blocking:
allowlist: - 203.0.113.5 - 198.51.100.0/24