Does Syspeace have geoblocking/country blocking capabilities?
Yes, since Syspeace 3.0, Syspeace supports a form of country blocking using “Country rules”. Here’s how it works.
- You can define which countries should be blocked on activity using “Country rules”. By default, no countries are blocked.
- When a login attempt is detected by Syspeace, the IP address is mapped to a country with an IP-to-country database. (We use GeoLite2 from MaxMind, Inc.)
- Once login attempts are detected from one of these country, the IP address is blocked as usual by Syspeace. Just as if they had “earned” a block by triggering one of the other rules.
Please note the following:
- Syspeace does not preemptively block all traffic from every IP address that is mapped to belong to a blocked country.
- Syspeace does not block countries based on all network traffic, only based on login attempts that it detects. If you set up a Country rule to block Sweden on activity and have a web site with Swedish visitors, they will not trigger the block. However, if someone from an IP address that the database will determine is from Sweden triggers a login attempt, this IP address will be immediately blocked.
Country blocking is one of the most requested features by our customers, many who see most or all of their attacks from new IP addresses in other geographical regions. Country blocking is a less surgical tool than Syspeace’s regular login attempt analysis, but is a helpful complement to it. For best results, block countries that a) dominate the recorded blocks the server receives and b) do not legitimately use the server.