We have Guest user access / unauthenticated site in Experience / Community Cloud.
There is a need to allow request from US and restrict request from all other countries (outside US).
When there is a request to the unauthenticated site in Experience / Community Cloud from US – site page can be displayed.
When there is a request to the unauthenticated site in Experience / Community Cloud from Canada or Mexico – site page should not be displayed
Looks like the best option is to use JavaScript to identify the country and take appropriate decision.
Are there other options to identify and take action based on the request from countries?
Best Answer
You cannot restrict it out of the box in salesforce. Also, any javascript which is relying on IP address based blocking is ineffective because bots and hackers can still use VPN, proxy and other masking methods to access the site.
A good solution is hiding your domain behind a proxy service that essentially handles all the source traffic before forwarding them on to salesforce.
The leader is CloudFlare
Blocking a country couldn’t be easier. Just log in and go to ‘Threat Control’, then where it says ‘Add custom rule’, start typing the full country name and then click it from the dropdown list. Click the big red ‘Block’ button and you’re done!