How to restrict purchases to ONLY IP addresses in the United States using Ruby/Rails? - ruby-on-rails

I have a client who has a requirement that they can't sell particular products 'outside the United States'.
They'd prefer that users can see the site, but when they try to checkout present a message indicating they are outside the United States.
Their site is built in Rails 2.3.8.

Check out the GeoIP gem (make sure to read the instructions, you need to download the GeoLiteCity or GeoLiteCountry database in order for it to work). It uses MaxMind's GeoIP database and can give you the country (or city, in the case of the city database) of an IP address, with some accuracy. There is a commercial database with better accuracy available, which I would recommend for your use case.
However, be advised that this is by no means a definitive solution. Some customers will be turned away wrongfully, and some will be able to order even though they should not. Things like satellite connections, proxy servers and VPN services make IP location impossible, and no database is 100% complete or correct.

What you're looking for is some kind of rough geolocation. One way to get this is to query a DNS zone designed specifically for this; one such zone is described at http://countries.nerd.dk.

I am from Ukraine. And when a particular US shop doesn't want to sell products overseas it usually specifies in the policy/faq/etc that only US bank issued payment cards are accepted.
That seems to me the best solution to: "can't sell particular products 'outside the United States'."
As there are package/mail/freight forwarding companies which can be used by a potential client of that customer, though residing outside the US, but to whom the customer won't have to ship directly. That customer would still benefit from those sales but is freed from dealing with the burden associated with overseas shipping.
And when you solve it with geolocation, that customer would still be able to make additional money, when people would still be using the site through different kinds of proxies, if that customer is worth it. :)

You can use their data that you pull into your database to check the user's IP address. http://www.ipligence.com/geolocation/ (you still have to worry about proxying)
I would also check where you're shipping it to (checking addresses like suggested above), also check the card address with the card backer like VISA, etc.
And as suggested above, your money processing agent shouldn't allow any transactions from outside the U.S. on particular items (if possible)
But I did read your statement SOME products may not be allowed to be sold outside the U.S. So you'll need a way to mark those products in your system and then let the user know they are unable to purchase those items, but continue on with others in the cart.
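One way to combine the checks from this answer (IP country, shipping address, card address) with per-product marking, so that only the marked items are held back and the rest of the cart proceeds. This is an added example, not code from the original answer; the Item struct, the us_only flag, the signal names and the rule that every signal must read "US" are assumptions for illustration.

```ruby
# Added example. Item names, the us_only flag and the signal names are
# assumptions for illustration; the sample cart below is constructed.
Item = Struct.new(:sku, :us_only)

# Country signals gathered at checkout, as ISO codes; nil means "unknown".
SIGNALS = [:ip_country, :shipping_country, :card_country].freeze

# Returns the names of the signals that do not confirm a US purchase.
# A missing or unknown value counts as not confirmed.
def failing_signals(signals)
  SIGNALS.reject { |name| signals[name] == "US" }
end

# Splits the cart: unrestricted items always proceed, US-only items proceed
# only when every signal says "US". Returns what can be sold, what is held
# back, and which signals caused the hold so the message can name them.
def review_cart(cart, signals)
  failed = failing_signals(signals)
  blocked, allowed = cart.partition { |item| item.us_only && !failed.empty? }
  { :allowed => allowed.map(&:sku),
    :blocked => blocked.map(&:sku),
    :reasons => blocked.empty? ? [] : failed }
end

# Constructed sample cart: one unrestricted item, one US-only item.
CART = [Item.new("poster", false), Item.new("restricted-kit", true)].freeze
```
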

You could use a Rack Middleware, but it will require that you fork it on GitHub first.
https://github.com/roja/rack-geo
At the moment this project gives you City and Organisation names based on the IP address of the computer making the request - you need Country Code too.
You could add it to the code relatively easily here: https://github.com/roja/rack-geo/blob/master/lib/rack/geo.rb
You could then set a Rack environment variable to indicate if the request is from the USA, in the call method:
Rack::Request.new(env)["born"] = "...in the USA"
Add it to your config file:
config.middleware.use Rack::Geo
And then in your controller you can test if the request has this environment variable set appropriately and redirect to a 'sorry you must be from the USA' page:
# Redirect when the request was not flagged as coming from the USA
if params['born'] != "...in the USA"
  redirect_to "/not_from_round_here"
end
Bear in mind that IP address sniffing is fallible. I often take trains in the UK and end up with Google in German.
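The same middleware-plus-controller flow with the flag kept in the Rack env rather than in request parameters, which are supplied by the client; in a Rails controller the value would be read as request.env["geo.country_code"]. This is an added example, not code from rack-geo or from the answer; the GeoCountry class, the geo.country_code key and the lookup table are assumptions for illustration.

```ruby
# Added example, not rack-geo code. COUNTRY_BY_IP stands in for a real GeoIP
# database lookup; the addresses are constructed documentation-range samples.
COUNTRY_BY_IP = { "203.0.113.7" => "US", "198.51.100.9" => "DE" }.freeze

# Rack middleware: records the looked-up country in the Rack env under a key
# of its own. Query-string and form parameters never reach this key.
class GeoCountry
  ENV_KEY = "geo.country_code".freeze   # hypothetical key name

  def initialize(app, lookup = COUNTRY_BY_IP)
    @app = app
    @lookup = lookup
  end

  def call(env)
    # Always overwrite, so nothing upstream can pre-seed the value.
    env[ENV_KEY] = @lookup[env["REMOTE_ADDR"]]   # nil when the IP is unknown
    @app.call(env)
  end
end

# Stand-in for the checkout controller action: only an explicit "US" passes;
# an unknown country (nil) is treated like a non-US one.
CHECKOUT = lambda do |env|
  if env[GeoCountry::ENV_KEY] == "US"
    [200, { "Content-Type" => "text/plain" }, ["checkout"]]
  else
    [302, { "Location" => "/not_from_round_here" }, []]
  end
end

# Helper for trying it out: returns the HTTP status for a constructed request.
def checkout_status(ip, query = "")
  env = { "REMOTE_ADDR" => ip, "QUERY_STRING" => query }
  GeoCountry.new(CHECKOUT).call(env).first
end
```
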

A geoip alternative can be found here: http://humbuckercode.co.uk/licks/gems/geoip/
Uses the maxmind libraries, easy to set up, no schema updates needed, fast

Related

How to implement versions by country on Rails web app

I need to create a web app that would be different for each country (and not only different language). Let's say the website lists insurance solutions in the country.
For example, users in France typing example.com would need to be sent to http://france.example.com and American users would go to http://us.example.com
All websites would have the same display/layout but the content in the pages would vary as insurance and companies are not the same in each country.
What I'd like is:
in my backend: Manage multiple "country versions" on which I can work to improve features, layout, etc. in a single time without having to update the code on each version. All country versions would stay in similar state this way.
in the backend: create a filter that "sends" the insurance item I input in my backoffice into the right country-website.
it means for example that the page describing an insurance Alpha in France would only exist in the france version (http://france.example.com/alpha_insurance_description) and not in other country versions.
What kind of architecture must I implement? Are there Rails gems that answer this kind of problematic? (if not maybe some websites describing how to create this kind of multi-country website)
"multi-tenancy" is what you want. The following two railscasts explain two different approaches to achieve the same.
http://railscasts.com/episodes/389-multitenancy-with-postgresql
http://railscasts.com/episodes/388-multitenancy-with-scopes
Also you can use subdomain-fu, for subdomain handling and route validation.
I would just use the geoIP data (or user preferences) to find out which country to show and have the content stored in the DB (e.g. insurance companies) with a country code. Seeing as an insurance company will have an address and postcode anyway, this should be pretty simple. That way, both the content and the site language can be set dynamically.
As for the subdomains, you can CNAME all of them to your main site and use a little piece of Rack middleware (hand rolled) to redirect requests to the right subdomain if necessary. After that, the site ignores the subdomain itself and just serves content dynamically. Alternatively, you could have some code in the application config that reads the subdomain from the Rack request, extracts the country code, and sets it as a config variable that you then use to flag what country code to use when showing the dynamic content, setting the language, etc.

Rails app on Heroku - Please recommend defensive programming techniques

I've just put a Rails app live on heroku.com which services some touchscreen kiosks and have had my first taste of malicious users with some bogus service bookings. I would like some suggestions on audit data which I can log to help me to track down or otherwise discourage or prevent such malicious activities.
Some brief background - I have designed a Rails based website which is targeted towards the Tourist industry and allows customers to book accommodation and other tourist related services such as boat trips. We run this application on touchscreen kiosks (think 6.5 foot tall units with 40" touch screens) and email notifications of bookings to service providers.
What I'm looking for is suggestions on things that I can record at the point of bookings (and other transactions) taking place so that I can help to authenticate valid bookings and record details which can be used later to trace these bogus bookings. I might then add this information to a black-list to block these machines from creating further problems.
I'm already recording the request.remote_ip address but would ideally like to be able to record the hostname of the remote_ip as well since the IP address might change dynamically. Is this possible? Should I create a random key and store it as a cookie to identify each client machine uniquely?
I'm not looking to prosecute every person who makes a bogus booking, I just want to be able to discourage, prevent or track such malicious activity and would appreciate any suggestions on how best I can do this.
Many thanks,
Craig.
The question is a bit vague I think. You need to look at what you know: what actually IS a non-valid bogus booking? How did you personally figure out that some particular booking was bogus? Did someone tell you, did you figure it out from the data yourself?
You first need to gather all the bits and pieces you have of bogus bookings, and if there is a pattern then that is what you implement as a filter. I mean if someone knew a booking was bogus, why did your system not know it?
Logging IP addresses and hostnames is kind of futile... you'll never catch whoever did it this way. Why not validate up-front with credit card numbers or at minimum a confirmed e-mail address? If you have an up-front credit card number then you have a direct link to the person for disputes and/or blocking further attempts by card number. IP addresses are too hard to track.
An IP address can be converted to a hostname by a reverse lookup, but if the IP changes the hostname changes too. If you already log an IP, you can always do a reverse lookup later, but I don't really see the value of knowing the host name(?).

Direct users to web page, based upon their city

Hi,
We want to redirect our users to one of our web pages corresponding to the user's city (location based upon the user's IP address and using some IP location databases).
My question is, how to make it work fast? For example, on the Groupon website, whenever the user visits, it instantly takes the user to their city page.
Thanks.
Edit: We are using PHP
Do you want to do this server or client side? If client side (i.e., using JavaScript), you can use one of many geoip services out there. One in particular is Yahoo!'s YQL
http://developer.yahoo.com/yql/
http://developer.yahoo.com/yql/console/?q=select%20City,RegionName,CountryName%20from%20ip.location%20where%20ip%3D'8.8.8.8'&env=store://datatables.org/alltableswithkeys
Also, you can do it server-side using pretty much any language or framework. You could make API or service calls to third party geoip providers, or you can load the data into your database and do your own look up.
http://www.maxmind.com/app/geolitecity
http://ipinfodb.com/ip_database.php
http://ipinfodb.com/ip_location_api.php
You will also need to "default" to a region or zipcode as every IP address can not be determined. For example, one web application that I currently work on has a 95% USA audience, so we default to the geographical center of the country which is 66952.
You should determine the user's IP from the httpRequest, and afterwards use some kind of database, for example geoip.
Cache, cache, cache everything. Cache lookups in your IP table, cache the results for individual users in their session or cookies, cache the rendered localization information portion of your pages (or at least the query intensive parts.)
There are more details that could be given, but it all depends on what your bottlenecks are. (After all there's no point in implementing complex caching on the routing side of things if the bottleneck is in rendering localized information because your DB calls take almost half a second to run). I cannot tell you where the bottlenecks in your application are / will be. You'll need to profile it first -- then optimize on the basis of what the profiler tells you.
I have done this for a few clients server-side using the lookup service http://ipinfodb.com/ip_location_api.php.
Just remember to store IP addresses and locations in the database so you do not do redundant lookups. I used the time zone data to determine the visitor's region.

Is it possible to track the country where a user is accessing a particular website?

I wish to track the country from which my website is accessed.
E.g., if a customer from a particular is accessing, say, America, how to trace that the user is actually from America?
Is there any way?
What you are talking about is called GeoIP and there are many ways to do it. Normally this is done using a third party that has a mapping of IP addresses to physical locations.
This is of course not 100% accurate, as people may be using VPNs, TOR or simply spoofing addresses.
It's not possible in all cases, but most IP addresses can be mapped to a location (even down to the city). There are quite a large number of such geomapping services.
Use MaxMind service.
http://www.maxmind.com/app/javascript_city
They got free and paid versions.
You can determine the country of the IP address of last proxy that a user is using. This is often their country, but not always.
Users can set out to obscure it e.g. by using TOR or another proxy service.
Or their ISPs might be passing them through NAT or through other countries.
And what do you do with the information? Offer them the site in their presumed-native language? Or customise your contact details appropriately?
So you have to think carefully about how you use this information. It is a good idea to present a page in the native language that you think the user is surfing from, but you must make it easy and obvious for the user to change their country. Not all surfers in any given country actually speak the language, and not all people can call toll-free numbers, and not all people in one country are wanting support that's specific to their country, they may be seeking support for when they are elsewhere or for a friend etc.

Detect company names that are visiting my site

I'd like to turn visitor IP addresses into a company name. This will be used for displaying something like "Hello visitor from Apple Inc.". Note I am looking for the company name, not the domain name. Extra points for determining the originating country. The app is written in Ruby on Rails, but examples in other languages will do. Thanks!
There are databases for this kind of thing, but they are hardly 100% accurate, so I'd think long and hard before using them to make assumptions regarding content you present to your visitors. If you still want to do it, here are two companies that offer databases that include organization level detail:
http://www.maxmind.com/app/ip-location
http://www.ip2location.com/
Edit to clarify based on additional answers:
The organization level detail in the databases from these vendors is different than ISP information, which is what the others are referring to. The databases from the vendors above are actually assigned organizational information based on research, not reverse lookup on IP ownership.
For starters, know that often it is impossible - e.g. many people's connection will be from Insight, or Comcast, or whatever their ISP is. I'm not sure if your intended feature is all that snazzy if you greet me as being "from" Insight Broadband.
You're very likely to get this more wrong than right, but you can get this from a whois client.
For example, to see owners of US addresses (at least), you can whois from the CLI to play around:
whois -h whois.arin.net 17.18.19.20
