The Geo-IP Blocking feature allows you to block access to your server from specific countries.
Starting from version 9.2.5, the Geo-IP Blocking feature in RdpGuard now offers enhanced flexibility
in managing access to your server based on geographic locations. This feature allows two modes of operation:
Traditional Blocking Mode:
You can block access to your server from specific countries. Select one or multiple countries to block,
and RdpGuard will prevent access from these locations. It continues to download the list of updated
IP ranges every 24 hours and updates the blocking rules accordingly.
Inverse Blocking Mode (New):
In this mode, you can specify countries that are allowed to access your server, automatically blocking all others.
This is particularly useful for focusing on a specific audience or complying with legal and business requirements.
Like the traditional mode, it updates IP ranges and rules every 24 hours to ensure accurate and effective access control.
To enable Geo-IP Blocking
1. Click Tools, Options
Open Tools, Options, Geo-IP
The RdpGuard Options dialog will open.
2. Switch to the Geo-IP tab and check Enable Geo-IP
Test mode (all countries allowed again after reboot) - This option temporarily enables the deny rule,
which remains active only until the next system restart. This feature is designed for safe configuration
testing, ensuring that any potential access control errors can be rectified by simply restarting the server,
thereby restoring remote access for recovery purposes
Add allowed address or range - This feature allows you to specify individual IP addresses or IP ranges
that will always be granted access to the server, regardless of other allowed countries added.
This is an essential tool for safe configuration testing and ensuring uninterrupted access for trusted locations or networks.
To add allowed IP address or IP range:
Click Add, allowed address or range
Click Add, Allowed IP address or IP range
The Add New IP Address dialog will open:
The Add New IP Address dialog
Enter one or multiple IP addresses and ranges and click Add new addresses
New addresses or ranges will appear in the list as Custom allow list:
Custom allow list added
5. Click Save to close options and save changes.
Advanced Settings
To open the Advanced Settings, please click on the gear icon located on the toolbar:
Advanced Settings button
The Advanced Settings dialog will open:
Advanced Settings dialog
Geo-IP in Allow mode - options that are applied when Geo-IP is in
Allow mode.
Allow loopback connections - click to enable loopback connections. If you disable this option,
normal operations of many apps could be broken.
Allow local connections - turn on to allow connections to the server over the local network.
Exclude VPN networks and Tor exit nodes from the allowed connections
- exclude known VPN networks and Tor exit nodes from the allowed IPs.
Exclude data center networks from the allowed connections
- exclude known data center networks from the allowed IPs.
Geo-IP database version - two versions of IP database are available:
Lite - fewer entries, lower impact on OS performance, less accurate
Max - more entries, higher impact on OS performance, more accurate
Known restrictions and limitations
Please keep the number of entries as short as possible
Keep in mind that IP blocks for some countries can include thousands of entries.
Adding many entries to your Geo-IP filter may create a long list of conditions in the Windows Filtering Platform.
This long list can greatly affect your server's network and overall performance. So, it's better to limit the number
of entries on your list to keep your server running smoothly.
A possible way to reduce the number of entries is by switching to the Lite version of the IP database in
Advanced Settings
Another way to reduce the number of entries is to use the Allow mode and specify only the countries you want to allow.
"This sotware is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard"
- Joaquim De Sousa Marques
"Nice product. I used to implement something similiar in a low-tech and cumbersome manner via a script called
TSBlock (not mine). This makes it much easier and is well worth the pricetag for SMB's."
- J. Johnson
"Absolutely amazed at your product. We are a church in the North Dallas area,
and I discovered this morning multiple failed logon attempts via our Remote Access Server.
A friend suggested your product, so I immediately downloaded the trial.
It had a list of about five blocked IP addresses in minutes, and that was enough to
lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a
third being international attempts to break into our system.
Thanks for a great product. You may have just saved us much grief."
- John Hallford
"Love the software. RDP on our Windows servers is just ridiculous.
We would block it in the router but we have lots of old-time customers that would have issues."
- Scott Hirsch
"Love the software! Makes it easier than tailoring VB Scripts!!"
- Nick Brennan
"It's a great product - really stopping those RDP attackers :-)"
- Dave, UK
"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server.
RdpGuard is the best solution, I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)"
- Carsten Baltes
