Overview
This article provides guidance on selecting and configuring a public IP address for your CIMcloud website that includes restrictions on the country of origin your website can be viewed from. This is sometimes called geo-blocking or geo-restrictions. By setting a geo-restricted IP address on your DNS record for your CIMcloud website, users will only be allowed to access the site from the geographic locations allowed by each IP address.
How Do Geo-restrictions Work
CIMcloud uses industry standard methods to identify the initiation point of each connection to your CIMcloud site for performance and usage metrics and also for geographic restrictions and blocking. Using these methods, we can allow or block certain geographic origins at our perimeter.
IMPORTANT
- While geo-restrictions is an industry-standard method of controlling access to a website, it is not full proof. Geo-restrictions can be bypassed using a VPN or proxy service.
- If you are using a third party proxy service that forwards your site traffic to CIMcloud, you cannot use CIMcloud geo-restricted addresses at this time. You can evaluate if you can enforce geo-restrictions within the third party proxy if available.
- More information: https://help.cimcloud.com/help-center/3rd-party-proxy-services/.
- Due to limitations in how the geo-restrictions are deployed currently, allowing individual addresses or address ranges is not available when using geo-restricted IP addresses.
Geographic Restricted IP Addresses
The below geographically restricted IP addresses are available to choose from based on your CIMcloud site user base and desired geographic accessibility. If you have any questions or concerns about adding geo-restrictions or updating your DNS record, contact your IT department or IT provider.
CIMcloud has chosen to create policies based on recognized global relationships and alliances. Additional information about each relationship and alliance can be found in the article Geographic Policy Descriptions.
INFORMATION
- Please note, the allow-list policies listed below are additive, meaning that each policy incorporates the values from all previous policies to allow access from additional countries.
- The block-list policies listed below ONLY block those countries in the group and will allow all other countries.
IP Addresses Policies |
||
| Table A: Allow-List Policies: For each white list policy, the listed countries will be allowed along with the countries allowed from any policies in prior policies for the associated IP address, while all other countries are blocked. | ||
| Policy Name | IP Address | Geographic Locations Allowed (Additive) |
| US | 199.15.171.242 | United States. |
| USMCA | 199.15.171.243 | Above policies + Canada and Mexico. |
| FTA | 199.15.171.244 | Above policies + Australia, Bahrain, Canada, Chile, Colombia, Costa Rica, Dominican Republic, El Salvador, Guatemala, Honduras, Israel, Japan, Jordan, Mexico, Morocco, Nicaragua, Oman, Panama, Peru, and Singapore. |
| NATO | 199.15.171.244 | Above policies + Albania, Belgium, Bulgaria, Canada, Croatia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg, Montenegro, Netherlands, North Macedonia, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Türkiye, and United Kingdom. |
| EU | 199.15.171.246 | Above policies + Åland Islands, Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, French Guiana, Germany, Greece, Guadeloupe, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Martinique, Mayotte, Netherlands, Netherlands Antilles, Poland, Portugal, Réunion, Romania, Saint Martin (French Part), Slovakia, Slovenia, Spain, and Sweden. |
| WEOG | 199.15.171.247 | Above policies + Andorra, Australia, Austria, Belgium, Canada, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Israel, Italy, Liechtenstein, Luxembourg, Malta, Monaco, Netherlands, New Zealand, Norway, Portugal, San Marino, Spain, Sweden, Switzerland, and United Kingdom. |
| EES | 199.15.171.248 | Above policies + Albania, Armenia, Azerbaijan, Belarus, Bosnia and Herzegovina, Bulgaria, Croatia, Estonia, Georgia, Hungary, Latvia, Lithuania, Montenegro, North Macedonia, and Poland. |
| APS | 199.15.171.249 | Above policies + Afghanistan, Bahrain, Bangladesh, Bhutan, Cambodia, China, Cyprus, Fiji, India, Indonesia, Iraq, Japan, Jordan, Kazakhstan, Kiribati, Kuwait, Kyrgyzstan, Lebanon, Malaysia, Maldives, Marshall Islands, Mongolia, Myanmar, Nauru, Nepal, Oman, Pakistan, Palau, Papua New Guinea, Philippines, Qatar, and Yemen. |
| LACS | 199.15.171.250 | Above policies + Antigua and Barbuda, Argentina, Barbados, Belize, Brazil, Chile, Colombia, Costa Rica, Cuba, Dominica, Dominican Republic, Ecuador, El Salvador, Grenada, Guatemala, Guyana, Haiti, Honduras, Jamaica, and Mexico. |
| AFS | 199.15.171.251 | Above policies + Algeria, Angola, Benin, Botswana, Burkina Faso, Burundi, Cameroon, Central African Republic, Chad, Comoros, Democratic Republic of the Congo, Djibouti, Egypt, Equatorial Guinea, Eritrea, Eswatini, Ethiopia, Gabon, Gambia, Ghana, Guinea, Guinea-Bissau, Kenya, Lesotho, Liberia, Libya, Madagascar, Malawi, Mali, Mauritania, Mauritius, Morocco, and Mozambique. |
| UN | 199.15.171.252 | All above policies including all United Nations Regional Groups listed above. |
| Table B: Block-List Policies: For each block-ist policy, the listed geographic locations will be blocked when using the associated IP address while all other countries are allowed. | ||
| Policy Name | IP Address | Blocked Geographic Locations |
| SDWL | 199.15.171.253 | Algeria, Azerbaijan, Comoros, Cuba, Eritrea, Iran, Nicaragua, Pakistan, Russia, Saudi Arabia, Tajikistan, Turkmenistan, Vietnam, |
Global Policies
Whether you are using a geo-restricted IP address or a standard IP address for your CIMcloud site, all traffic coming into the CIMcloud network is filtered using our global allow/block list policies obtained from trusted sources to prevent bad actors and malware.
CIMcloud global allow/block list policies DO NOT contain any geographic or large ranges of IP addresses. Global policies only include specific known bad actors, threats, or specific requested IP addresses that have been verified and are routinely reviewed.
Because CIMcloud global allow/block list policies will be applied prior to applying any geo-restriction rules, you may notice:
- Some IP addresses from blocked countries are allowed.
- Some IP address from allowed countries are blocked.
If you believe a bad actor has been allowed through or a valid customer is being blocked, please submit a support ticket for review.
Configuring Your DNS Records
To configure your DNS records, follow the below guidance which depends on your current DNS configuration.
- A few days prior to changing your IP address, decrease the Time-to-Live (TTL) on your CIMcloud site record. This will expedite the expiration of any cached DNS records on authoritative DNS name servers.
- The TTL value is usually specified in seconds, but your DNS provider may have different default TTL values from 24 – 72 hours.
- We recommend you set the TTL to the lowest possible interval. Most providers allow an increment of 10 – 15 minutes.
- The TTL can be reverted back to the DNS provider default following the IP address change.
- If you want your sandbox and/or staging site to use the geo-restricted IP address, please submit a ticket to have your records updated for those sites by CIMcloud personnel.