This plugin lets you prevent entire countries from accessing your Rails app at a controller level. It requires one of MaxMind's GeoIP databases (free or paid, city or country level) to function. If you need a MaxMind database, you can download the free GeoLite2 Country database.

I decided to write this after seeing stories on Hacker News about small e-commerce sites being destroyed by credit card fraud from China, Russia, Vietnam, etc. I wouldn't rely on this as your sole anti-fraud mechanism, but it should have a big effect on cutting down the malicious traffic to your app.

Create config/initializers/rails_country_blocker.rb and set your MaxMind DB path and list of blocked countries:

RailsCountryBlocker.database_path = "/path/to/maxmind.mmdb"
RailsCountryBlocker.blocked_countries = %w[CN RU VN]

You can either check the MaxMind db into your repo and use a database_path based on Rails.root, or you can keep it outside the repo. MaxMind provides an auto-updater script which you can run via cron if you keep it outside the repo.

Now just add:

prepend_before_filter :enforce_country_blocks

to any controller whose actions you want to protect. To protect your entire app, add it at the top of ApplicationController.

I have no idea how to properly test this using stubs/mocks. Feel free to send a PR and I'll credit you here.

• Add proper tests
• Do something smarter than just raise an Exception (logging? analytics?)
• Maybe support reading the gzipped MaxMind database directly (the country one is only ~900kb)
• Raise an exception at app startup if the DB doesn't exist or can't be read
• Show a warning if the plugin is installed and configured but no countries are blocked

BSD