ngsrv
Get Started

How to protect a tunnel with geo restrictions

Geo policies filter requests by country code before they reach your machine. Handy for compliance demos, region-locked betas, or blocking high-abuse regions on a public preview.

Free plan: 1 geo policy (up to 3 countries). Pro / PAYG: 10 policies, 30 countries each.

Step 1 — Create the policy

  1. Go to Dashboard → Security → Geo Restrictions.
  2. Pick Allow (only listed countries) or Block (everyone except listed).
  3. Add ISO country codes (US, DE, GB, …).
  4. Copy the policy ID (ngsrv_geo_…).

Step 2 — Attach to a tunnel

ngsrv http 8080 --policy ngsrv_geo_eu_only

port: 8080
security_policies:
  - ngsrv_geo_eu_only

Example: EU-only staging API

Allow mode with AT, BE, DE, FR, NL, … — testers outside Europe get a clean 403 at the edge.

Limitations

Geo uses the client IP seen at the edge. VPNs and corporate proxies may appear as the wrong country. Pair with header auth for high-stakes previews.

More: Geo docs