Option BlockCountryChange

Learn how to use the Option BlockCountryChange config.txt directive to block users who attempt to bypass restrictions in EZproxy.

Option BlockCountryChange is a security directive that blocks users who attempt to bypass restrictions by logging in from one country and then trying to access EZproxy from another country. If EZproxy detects the user's location at login, based on the two-letter country code attached to the IP address, has changed to a new two-letter country code attached to a new IP address, the user will be blocked.

Option BlockCountryChange is a position-independent config.txt directive that causes EZproxy to deny access to a user whose IP address changes and the two-letter country code for the new IP address is different from the country code for the IP address used while logging in. To use this option, the Location directive must be configured to allow EZproxy to determine the origin country of IP addresses.

Syntax

Option BlockCountryChange

Example

The following configuration shows the Option BlockCountryChange directive along with the Location directive configuration necessary to make BlockCountryChange work.

Location -File=GeoLiteCity.dat.gz
 Option BlockCountryChange

For more details about how to configure Location to work properly with the GeoLite City data file, please see Location.

Defining Locations to Customize Option BlockCountryChange

In certain, rare cases, entering Option BlockCountryChange in your config.txt may inadvertently block users who should be allowed to access your resources. If you think your users are being denied access because their IP address and location change during a session, you can use the Location directive to manually define the location of their IP addresses. The Location directive page linked above provides more details about how to enter these manually-defined IP address country codes.

Related directives 

Audit, Location