Geolocation module
The Geolocation module stores the IP address and the geolocation information from user requests. It also calculates the risk score of the actual request based on the historical data of previous requests of the same user.
The Geolocation module uses several analyzers to calculate the risk score for a specific user:
- Geolocation analyzer: This analyzer counts the number of times a user accesses an application from the same country (one count per session).
- Suspicious country analyzer: This analyzer checks whether the current country is a suspicious country.
- IP address analyzer: This analyzer counts the number of times a user accesses an application from the same IP address (one count per session).
- IP velocity analyzer (experimental): This analyzer checks whether the geolocation entries of the same user are within a feasible range based on their timestamps.
- IP reputation analyzer (experimental): This analyzer checks whether the IP address is blacklisted.
To determine the geolocation from the IP address, nevisAdapt uses an IP-to-location service. You can configure this service by using a CSV file that defines the inclusive range of IP addresses, the ISO 3166-1 alpha-2 country codes, the latitude, and longitude values. The IP velocity analyzer also uses this data for calculation. The IP reputation analyzer uses an external database as well, which update on a regular basis. For more information about the integration of these external databases, see the chapter Setting up periodic update of IP geolocation and reputation mappings.
For the suspicious country analyzer, define a comma-separated list of suspicious countries in the nevisAdapt configuration file nevisadapt.properties or in the Advanced tab of the nevisAdapt deployable pattern in nevisAdmin4. For a description of the configuration file, see the chapter nevisAdapt service - Description.
The quality of the Geolocation module heavily depends on the quality of the services that are used to estimate the location and IP reputation of the user. It is imperative that you use high quality datasets if you rely on this module in production.
If you deploy into a Kubernetes cluster, or you have another firewall or load balancer configured besides nevisProxy, make sure the request header X-Forwarded-For is set and contains the IP address of the client. Without the correct IP address, the Geolocation module will not work.