mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs: add new Access Control and Logs documentation pages

Browse Source 
- Documented Access Control features (e.g., Device Approvals, Password Rotation, 2FA, Custom Login Pages).
- Added detailed descriptions for Logs & Analytics (Access Logs, Request Logs, Action Logs).
- Included configuration instructions and feature-specific notes for Pangolin Cloud and Enterprise Edition.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
This commit is contained in:
Stefan Mogeritsch
2026-03-11 11:24:24 +01:00
parent a70f132fd9
commit aa157e82f8
87 changed files with 13163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/01_Architecture/Pangolin/Mange_Pangolin/Access_Control/Geo-blocking.md
+99
View File
@@ -0,0 +1,99 @@
> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pangolin.net/llms.txt
> Use this file to discover all available pages before exploring further.
# Geo-blocking
> Configure geo blocking to restrict access based on geographic location
<div id="pangolin-toc-cta" className="pangolin-toc-cta-source">
<Card title="Try free on Pangolin Cloud" icon="cloud" href="https://app.pangolin.net/auth/signup" arrow="true" cta="Sign up free">
Fastest way to get started with Pangolin using the hosted control plane. No credit card required.
</Card>
</div>
<Note>
Geoblocking is available in Pangolin community! Make sure to follow this guide for how to enable: [Enabling Geo Blocking](/self-host/advanced/enable-geoblocking)
</Note>
<iframe className="w-full aspect-video rounded-xl" src="https://www.youtube.com/embed/_2EheKVUYxI" title="YouTube video player" frameBorder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowFullScreen />
## Benefits of Geo Blocking
Geo blocking provides several important security and compliance advantages:
### Security Benefits
* **Reduce Attack Surface**: Block access from regions with high levels of malicious activity or where you don't expect
legitimate users
* **Prevent Unauthorized Access**: Limit exposure to threat actors operating from specific geographic locations
* **Compliance Requirements**: Meet regulatory requirements that restrict data access based on geographic location
* **Resource Protection**: Prevent unnecessary load on your services from regions where you don't operate
## Implementing Geo Blocking with Bypass Rules
Geo blocking in Pangolin is implemented using [bypass rules](/manage/access-control/rules) with country-based matching.
You can create rules that either allow or deny access based on the visitor's country.
<Frame caption="Screenshot of resources rules from the Pangolin Dashboard.">
<img src="https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=bf402f45fd986ccf154fd9d0ab299bef" alt="Pangolin Dashboard" data-og-width="1746" width="1746" data-og-height="590" height="590" data-path="images/country_rules.png" data-optimize="true" data-opv="3" srcset="https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?w=280&fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=3b4714c3ad8e8a616ac543ed60db1578 280w, https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?w=560&fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=3906ad347cb3d9e617866e04aab794f5 560w, https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?w=840&fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=2f6488d3728cc429e2706c07e1990621 840w, https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?w=1100&fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=98f668ef76b52ac1fc967219341da7a3 1100w, https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?w=1650&fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=3cba803e94e8beb1c75ad34d1d502c40 1650w, https://mintcdn.com/fossorial/Q8zHyI8PHlGty9PM/images/country_rules.png?w=2500&fit=max&auto=format&n=Q8zHyI8PHlGty9PM&q=85&s=ef7addc920457e8cd0f658af529ad052 2500w" />
</Frame>
### Setting Up Geo Blocking Rules
1. Navigate to your target resource and select the **Rules** tab
2. Create a new rule and select **Country** as the match type
3. Choose your rule action:
* **Allow**: Bypass authentication for users from specific countries
* **Deny**: Block all access from specific countries
* **Pass to Auth**: Let users from specific countries proceed to authentication
### Common Geo Blocking Patterns
#### Allow Only Specific Countries
Create a "Deny" rule that blocks all countries except those you want to allow:
1. Create a **Deny** rule
2. Select **Country** match type
3. Choose "ALL" to match all countries
4. Add priority: 100 (lower priority)
Then create specific allow rules for your approved countries:
1. Create **Allow** rules for each approved country
2. Set higher priority (e.g., 10, 20, 30) so they process first
#### Block Specific High-Risk Countries
Create targeted deny rules for specific countries while allowing all others:
1. Create **Deny** rules for each country you want to block
2. Select the specific countries from the dropdown
3. Set appropriate priorities
#### Regional Access Control
Combine geo blocking with other rule types for sophisticated access control:
1. **Path + Country**: Block admin paths (`/admin/*`) from all countries except your headquarters
2. **IP + Country**: Allow specific IPs from restricted countries (for VPN users or partners)
3. **CIDR + Country**: Combine network-based and geography-based restrictions
### Best Practices
<Warning>
IP geolocation is not always 100% accurate. Users with VPNs, proxies, or mobile networks may appear to be from different countries than expected.
</Warning>
### Rule Priority Example
```
Priority 1: Allow - Country: United States
Priority 2: Allow - Country: Canada
Priority 3: Allow - Country: United Kingdom
Priority 4: Deny - Country: ALL
```
This configuration allows access only from the US, Canada, and UK while blocking all other countries.