Restricting website access by client geolocation

I need to restrict access to a website because of countries regulations. I know that Hosting providers or CDNs/Webservers like Cloudflare or NGINX can do that for me and is probably the best approach (?) but I think only if the website needs to scale and since it has small expected traffic I'd like to just implement it myself for the start.

This question is not about how to get the users IP or how to use geolocation APIs with that IP. It is about how to design the backend to deny or grant access to the website for the clients.

  1. Do I need to do it on every request to the server ? If yes should I just write middleware that rejects the request if it is a blocked coutry or put that logic somewhere else ?
  2. Or can I do it once and then just "remember" it somehow for that client (how reliable would that be/ could that be abused ?).

I just dont want to build a super stupid design where I affect the performance of the backend just for a simple task like that.

Thank you in advance.

Back to Top