Why This Matters

The streaming industry sells the same content many times — once per territory — because that is how the film and television rights market has worked since cinemas existed. A platform that holds rights to a thriller in Germany but not in the United States, or to a football match in Italy but not in Switzerland, has a contractual duty to make sure no viewer in the wrong territory ever sees a single byte of that asset. The penalty for failing that duty is not theoretical: a missed enforcement on a marquee sporting event can void the rights to the next season, trigger a multi-million-euro clawback, or hand a competitor an injunction. The penalty for over-enforcing — blocking real, paying subscribers who happen to be travelling — is churn, support tickets, and bad press. Both errors cost real money, which is why this is a board-level topic at every major over-the-top (OTT) operator.

The audience for this article is the person who owns that risk: a product manager, head of operations, security lead, or legal counsel scoping a streaming launch in a new market. A senior engineer or solution architect will also read it and must respect its accuracy on protocol details, license-server flows, and CDN configuration. The non-technical reader should finish this piece able to explain, in their own words, where the rule sits in the stack, why the rule has to sit in more than one place at once, and which suppliers do which part of the job.

Geo-Blocking and Geo-Fencing: Two Words That Are Often Confused

The first job is to settle vocabulary, because the industry uses these two terms interchangeably and it costs people clarity in meetings.

Geo-blocking is the broader rule. It decides whether a viewer in a given country (or sometimes a region within a country) is allowed to access a piece of content at all. The unit of the rule is usually the country, identified by the two-letter codes the International Organization for Standardization publishes as ISO 3166-1 alpha-2: DE for Germany, US for the United States, BR for Brazil. A geo-block is binary at the country level: a viewer in DE is allowed; a viewer in US is not.

Geo-fencing is the narrower rule. It draws a tighter boundary — a stadium, a single arena, a school district, a corporate campus, a designated market area inside a single country — and changes the platform's behaviour inside that boundary. Geo-fencing is the technology behind a local blackout: a baseball game streamed nationally in the United States but blacked out to viewers whose IP address resolves to a fifty-mile radius around the home team's stadium. The unit of the rule is a polygon — defined by GPS coordinates, ZIP-code prefixes, or designated-market-area (DMA) codes — rather than a country.

Two more terms travel with the first two and are worth pinning down. Geo-targeting is the positive version of geo-blocking: instead of denying access, the platform changes the content it shows — a different home page, a different ad, a different audio dub — based on the same location signal. Content restriction is the umbrella term lawyers use for everything in this space, including the parts that have nothing to do with geography (age gates, parental controls, device-class restrictions); when an engineer says "content restriction" without qualifying it, ask which kind.

A working analogy: geo-blocking is the velvet rope at the front door of the club; geo-fencing is the rope inside the club that separates the VIP room from the general floor. Both are physical-world gating, both are enforced by checking identification, both can be bypassed if the bouncer is sloppy.

Why Streaming Platforms Do This in the First Place

There is no technical reason a streaming platform restricts content geographically — the bits travel just fine over the public internet. The reason is commercial and legal, and it has three parts.

The first part is territorial licensing. The audiovisual rights market sells distribution rights by territory; a studio licences "the right to stream Title X in Germany, Austria, and Switzerland" to one platform and "the right to stream Title X in France and Belgium" to another. The platforms compete inside their territories and stay out of each other's. Geo-blocking is the technical mechanism that turns a contractual line on a map into a working access-control rule. If the platform fails to enforce it, the studio sues the platform; if the platform's CDN fails to enforce it, the platform sues the CDN.

The second part is regulatory. Some content is illegal in some countries and legal in others. A documentary on a politically sensitive topic, a piece of news coverage, a music video with content that violates local broadcasting standards — the platform's compliance team designates these on a per-country basis and the geo-blocking system enforces the designation. The European Union's Audiovisual Media Services Directive (AVMSD, codified as Directive 2010/13/EU and updated by Directive 2018/1808) is one example: it sets minimum requirements on what European on-demand catalogues must contain (Article 13 mandates that at least 30% of works in a video-on-demand catalogue be European in origin, with the quota assessed per national catalogue), and the platform's catalogue logic must respect those per-country quotas.

The third part is commercial differentiation. The same platform can charge different prices, run different ad loads, or offer different feature sets in different markets — and that means making sure each market sees only its version of the platform. Without geo-targeting and geo-blocking together, the pricing and the rights model both collapse.

Two pieces of European Union law are worth knowing because they shape the global conversation. Regulation (EU) 2018/302 (the "Geo-blocking Regulation"), in force since 3 December 2018, generally prohibits unjustified discrimination based on a customer's nationality or place of residence within the single market — but audiovisual services are explicitly exempt from the regulation, which is why a European Union resident can still be geo-blocked from a Spanish broadcaster's catalogue while travelling to Germany. Regulation (EU) 2017/1128 (the "Portability Regulation") provides a narrow counter-rule: subscribers of paid online content services who are temporarily present in another EU member state must be able to access the service as if they were at home. Portability is why streaming platforms now run a "temporary travel" flow that lets a French subscriber's Netflix catalogue follow them to Italy for a few weeks — the law requires it, and the platform's geo-rules have to special-case it.

The Three-Layer Enforcement Model

A geo-rule enforced in only one place is a geo-rule that can be bypassed. The defence-in-depth pattern every mature streaming platform converges on is to enforce the same rule in three different parts of the stack, with each layer catching what the layer before it missed. The layers do not replace each other; they stack.

[Figure: three-layer geo-restriction enforcement model showing the CDN edge layer (manifest and segment blocking by ISO 3166-1 country code), the DRM license server layer (geographic policy check before key issuance), and the application or playback API layer (catalogue filtering and entitlement gate), with arrows showing the order in which a player request traverses them and the relative bypass risk at each layer.]

Figure 1. The three layers of geo-restriction every streaming platform should enforce in parallel. Each layer catches what the layer before it missed; a rule enforced in only one place is a rule that can be bypassed.

Layer 1 — The CDN edge

The first layer is the content delivery network (CDN), the global network of caches that sits between the platform's origin servers and the viewer's player. Every modern CDN — AWS CloudFront, Cloudflare, Akamai, Fastly, Google Cloud CDN — supports country-level access rules out of the box. The rule is configured once per distribution and the CDN matches the requesting IP against its internal geolocation database at the edge, returning HTTP 403 Forbidden if the country is on the blocklist. CloudFront documents its accuracy at 99.8% at the country level, which is the industry standard. Akamai's Geo Protection product extends the same idea to designated market areas inside the United States and supports CIDR-block-level rules for institutional cases (entire universities, corporate networks).

The CDN-edge layer's advantage is performance: a blocked request never touches the platform's origin, the packager, or the license server. A request that takes one round-trip to be denied at the edge costs the platform nothing; a request that travels all the way to the origin and back wastes capacity. Under a denial-of-service attack disguised as legitimate viewing, the difference between blocking at the edge and blocking at the origin is the difference between staying up and going down.

The CDN-edge layer's weakness is that the rule is enforced on a single, observable input — the IP address — and that input is the easiest part of the request for a viewer to manipulate. A consumer VPN service that places its exit node inside the licensed territory is, from the CDN's point of view, a real user in that territory. Country-level enforcement at the CDN catches the casual viewer; sophisticated bypass requires additional layers.

Layer 2 — The DRM license server

The second layer is the digital rights management (DRM) license server — the small, security-hardened service that issues decryption keys to the player only after the platform has confirmed the request is legitimate. The platform encrypts every video segment with a key; the player cannot decode the video until it requests and receives that key from the license server; and the license server is free to apply any policy it likes before granting the key, including a geographic policy.

The geographic policy is exactly the same logic as the CDN check — country lookup against the requesting IP — but the lookup happens at a different place in the request flow and is therefore harder to bypass. A viewer who has tricked the CDN by routing through a residential proxy is still subject to the license server's check, and the license server is on the platform's own infrastructure (or its DRM vendor's), not at the edge. The same lookup, repeated at a second point in the journey, doubles the cost of bypassing it.

All three major DRM systems — Google's Widevine, Apple's FairPlay Streaming, and Microsoft's PlayReady — support custom license policies via their license-server interfaces. PlayReady in particular ships a rich policy model that includes OutputProtectionLevel rules, expiration, concurrent-stream caps, and explicit geographic restriction; license servers from doverunner.com, BuyDRM (KeyOS), EZDRM, and Axinom expose those policy hooks to the platform.

The license-server layer's advantage is that it lives behind a trusted endpoint and runs platform-owned code; the platform can pull from any IP-intelligence feed it wants — its own, MaxMind GeoIP2, Digital Element NetAcuity, IPinfo, ipdata — and combine the lookup with anonymiser detection that the CDN does not perform. The license server also has access to the subscriber identity that came with the request, so its rule can mix "country says X" with "subscriber's billing address says Y" and refuse to issue a key when the two disagree.

The license-server layer's weakness is that it only protects encrypted content. Free preview clips, advertising assets, and catalogue artwork sit outside the DRM flow and are usually only protected at the CDN edge.

Layer 3 — The application layer

The third layer is the application layer — the platform's own back-end, the catalogue service, the playback-API gateway. Before the player asks for a manifest, it asks the application layer for a list of available titles, for the artwork on a detail page, for the playback URL of a specific asset. Every one of those calls is an opportunity to enforce geography on a different signal than the CDN's IP lookup.

The application layer typically combines four inputs: the IP address (the same one the CDN sees), the subscriber's billing country (the country on the credit card or payment method on file), the device's reported locale (the operating-system language and region), and the GPS coordinates if the device is a mobile phone and the user has granted permission. The application layer picks a single canonical country for the session and uses it to filter the catalogue. A title that the viewer is not allowed to watch never appears in search, never appears on a detail page, and never gets a playback URL — so the player never asks the CDN for it in the first place.

The application layer also handles the special cases the lower layers cannot: the EU Portability flow (temporary travel for a paid EU subscriber), the geo-fence-on-blackout flow (the user is in the country but inside a stadium radius), the offline-download flow (the title was downloaded in country X and is now being played in country Y). All three require the platform to track context the CDN does not have.

The application layer's weakness is that it is on the slow path — a synchronous call to a catalogue service is hundreds of milliseconds, not the single-digit milliseconds of an edge check. It is the right place for decision and the wrong place for enforcement at scale; the rule it sets is then propagated to the CDN's token system and to the DRM license server, where the enforcement actually happens for every request that follows.

How the Geography Itself Is Determined

Every layer above depends on the same upstream question: where is this viewer, right now? The answer is harder than it looks, and the failure modes of the answer determine the failure modes of the entire system.

Signal 1 — IP geolocation

The default signal is the viewer's public IP address, mapped to a country (and sometimes a region or city) through a commercial database. The two largest vendors are MaxMind (GeoIP2 family) and Digital Element (NetAcuity); each maintains a global mapping updated weekly from registry data, traceroute observations, and partner feeds.

The honest accuracy numbers come straight from MaxMind's own documentation. At the country level, GeoIP2 is above 99% accurate when VPN traffic is excluded. At the subdivision (state or province) level, accuracy drops to 55% to 80% depending on the country. At the city level, it drops further to 20% to 75%. A platform that builds a regional blackout rule on city-level data is building it on data that is wrong for one in four viewers in the best case.

The two largest sources of error are mobile carriers (where the IP address may be assigned to a peering point hundreds of kilometres from the viewer) and large enterprise networks (where the exit IP is a corporate gateway, not the building the viewer is sitting in). Both cases are dominated by edge cases at the granularity below country level; both are background noise at the country level.

Signal 2 — Anonymiser detection

The single most important enrichment is the answer to a different question: is this IP address an anonymiser? An anonymiser is any service that masks the viewer's real IP — a consumer VPN, a residential proxy, a Tor exit node, a corporate web gateway, a public WiFi hotspot operator that aggregates traffic through a single IP in another country.

Every major IP-intelligence vendor publishes an anonymiser feed. MaxMind's GeoIP Anonymous IP database classifies each anonymiser IP into five overlapping types: anonymous VPN, hosting provider, public proxy, Tor exit node, and residential proxy. Akamai's Enhanced Proxy Detection adds proprietary signals from the company's own traffic graph — an IP that is responsible for an unusually high number of streaming connections, with TLS fingerprints that suggest automated traffic, is flagged regardless of whether it appears on any public list. Cloudflare exposes the same idea as a threat score between 0 and 100, mixed with bot-management signals.

The hardest case is the residential proxy — a service that routes traffic through real consumer broadband connections (often acquired through "free" VPN apps that turn the user's device into an exit node). From an IP-database point of view, a residential proxy IP looks identical to a paying subscriber's home connection. Detecting it requires behavioural signals: an unusually high number of distinct user agents on the same IP, simultaneous sessions in incompatible time zones, anomalous TLS handshakes. This is what Akamai means by "Enhanced" proxy detection, and what specialised vendors like Spur, IPQualityScore, and IPinfo Privacy build their products around.

Signal 3 — Device GPS

For mobile applications, the device's GPS provides a far stronger signal than the IP address. A native iOS or Android player can request location permission from the operating system and, on grant, retrieve a coordinate accurate to a few metres. The coordinate is decisive evidence of the viewer's actual position, but only on devices that have a GPS chip and only when the user has granted permission.

The trade-off is human, not technical: GPS gating asks the user for permission and the user can refuse. For most casual streaming use cases the friction is unacceptable, so GPS is reserved for the cases where the platform has the leverage to demand it — sports apps enforcing local blackouts, regulated gambling apps, regional news apps with mandated geographic restrictions.

Signal 4 — Billing address and account history

The platform's own records — the country the subscriber selected at signup, the country of the credit card on file, the country of the IP address the account was created from — are the most authoritative signal of where the subscriber's home market actually is. The IP address tells you where the viewer is right now; the billing address tells you where they live. The two together resolve the most common edge case: the legitimate subscriber on holiday.

The Portability Regulation in the European Union codifies this directly. When an EU subscriber is temporarily in another member state, the platform must treat them as if they were in their home market — which means the platform must trust its billing-country record over its IP lookup, for a bounded period, before the IP lookup takes over again. The bounded period is not numerically defined in the regulation; the European Commission's guidance is that the platform decides what counts as "temporary" by reasonable means and documents it.

Putting the signals together

A modern decision combines all four signals into a single trust score, with one signal trumping another according to a documented hierarchy. The pattern that works in practice: GPS, if present, wins; otherwise billing country wins when the IP-derived country disagrees by less than a documented portability period; otherwise the IP-derived country wins; in every case the anonymiser flag, if set, demotes the decision to "anonymiser detected — deny or step up authentication." The exact weights are platform-specific, but the architecture is the same.

[Figure: decision tree for combining geolocation signals into a final country decision.]

Figure 2. How a production decision is actually made. The IP lookup is one input among four; the anonymiser flag short-circuits the whole tree.
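The hierarchy described above, written out as a decision function. This is an added example, not code from any platform or vendor named in this article; the field names, the return labels and the 30-day portability period are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: the platform documents its own portability period. 30 days is a
# constructed value; Regulation (EU) 2017/1128 does not define a number.
PORTABILITY_DAYS = 30


@dataclass(frozen=True)
class Signals:
    ip_country: str                    # Signal 1: IP geolocation
    billing_country: str               # Signal 4: account record
    anonymiser: bool = False           # Signal 2: IP-intelligence flag
    gps_country: Optional[str] = None  # Signal 3: None if no chip or no permission
    days_abroad: int = 0               # consecutive days IP and billing disagreed


@dataclass(frozen=True)
class Decision:
    country: Optional[str]  # canonical country for the session, None if refused
    source: str             # which signal decided
    action: str             # "proceed" or "deny_or_step_up"


def decide(s: Signals) -> Decision:
    # The anonymiser flag short-circuits the whole tree, whatever else is known.
    if s.anonymiser:
        return Decision(None, "anonymiser", "deny_or_step_up")
    # GPS, if present, wins.
    if s.gps_country is not None:
        return Decision(s.gps_country, "gps", "proceed")
    # No disagreement: IP and billing point at the same market.
    if s.ip_country == s.billing_country:
        return Decision(s.ip_country, "ip", "proceed")
    # Disagreement inside the documented period: the subscriber is travelling,
    # so the home market (billing country) wins.
    if s.days_abroad < PORTABILITY_DAYS:
        return Decision(s.billing_country, "billing", "proceed")
    # Disagreement outlasted the period: the IP-derived country takes over.
    return Decision(s.ip_country, "ip", "proceed")


if __name__ == "__main__":
    # Constructed sessions: a French subscriber in Italy, early and late.
    for signals in (Signals("IT", "FR", days_abroad=10),
                    Signals("IT", "FR", days_abroad=45),
                    Signals("GB", "ES", anonymiser=True)):
        print(signals, "->", decide(signals))
```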

Worked Example: The Premier League Match in Three Markets

Numbers help. Consider a hypothetical sports OTT platform that has acquired Premier League rights in the United Kingdom and the Republic of Ireland, holds no rights in mainland Europe, and operates an international subscription tier that lets non-UK/IE subscribers watch most matches except for the ones that fall under the UK blackout window (no live football broadcast in the UK between 14:45 and 17:15 every Saturday from August to May).

The platform encodes the match once and stores a single set of HLS segments at the origin. The geo-rules differ per session.

The platform's CDN configuration includes three distributions. The first distribution serves the UK and IE catalogue; its country allowlist is [GB, IE] and the rule denies every other country with HTTP 403. The second distribution serves the international tier; its country allowlist is everywhere except GB, IE (because UK and IE viewers are served by the first distribution) and excludes a handful of countries where the platform has no payment relationship. The third distribution serves the catalogue Application Programming Interface (API), with no geographic restriction because metadata is not licensed.

A subscriber in London opens the player at 15:00 on a Saturday. The catalogue API responds — the title appears in search. The player requests the HLS manifest. The CDN's edge geo-check sees GB and serves the manifest. The player requests a license. The DRM license server checks the policy and notes that the request is for a live match inside the UK Saturday-afternoon blackout window — it refuses the key with a polite error message. The viewer sees a "this match is not available during the Saturday blackout" overlay; the application layer, which knew the rule first, has already replaced the playback button with an "alternative coverage" link.

A subscriber in Madrid opens the player at the same time. The catalogue API responds — the title appears, because Spain is part of the international tier. The player requests the manifest from the international distribution. The CDN check passes. The license server checks the policy and notes that the request is for a Premier League match outside the UK/IE rights and outside the blackout — it issues the key. Playback starts. The viewer in Madrid watches the match.

A subscriber in Madrid who has connected through a VPN with a UK exit node opens the player. The catalogue API responds, because the billing country is still ES. The player requests the manifest from the international distribution and the CDN sees a UK IP, which is wrong for that distribution — HTTP 403. The catalogue layer, seeing the disagreement between billing country (ES) and IP (GB), surfaces a "we detected a different country" prompt. If the viewer dismisses the prompt and retries, the license server runs its own anonymiser check, sees the IP flagged as a VPN by the platform's IP-intelligence feed, and refuses the key. The viewer is denied because the platform enforced the same rule three different ways.

This is what defence in depth looks like in practice. A platform that enforced the rule only at the CDN would have served the third viewer the manifest. A platform that enforced it only at the license server would have wasted CDN bandwidth on every blocked viewer. The three layers are not redundant; they each catch a different failure mode.
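The three sessions above, run through a small model of the three layers so that each layer's verdict is visible side by side. This is an added example, not the configuration of any real platform; the session fields, the placeholder no-payment country set, the constructed match date and the use of naive UK local time are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Tuple

UK_IE = {"GB", "IE"}
# Placeholder for the "handful of countries where the platform has no payment
# relationship"; the article does not name them.
NO_PAYMENT = {"ZZ"}


@dataclass(frozen=True)
class Session:
    ip_country: str       # what the CDN and the license server derive from the IP
    billing_country: str  # what the account record says
    anonymiser: bool      # IP-intelligence verdict available to the license server
    uk_time: datetime     # request time as naive UK local time (assumption)


def in_uk_blackout(t: datetime) -> bool:
    """Saturday 14:45 to 17:15, August to May."""
    in_season = t.month not in (6, 7)
    return in_season and t.weekday() == 5 and time(14, 45) <= t.time() <= time(17, 15)


def distribution_for(s: Session) -> str:
    """The subscription tier, and so the distribution, follows the billing country."""
    return "uk_ie" if s.billing_country in UK_IE else "international"


def cdn_edge(distribution: str, ip_country: str) -> int:
    """Layer 1: country allowlist per distribution, HTTP 403 for everyone else."""
    if distribution == "uk_ie":
        allowed = ip_country in UK_IE
    else:
        allowed = ip_country not in UK_IE and ip_country not in NO_PAYMENT
    return 200 if allowed else 403


def license_server(s: Session) -> Tuple[bool, str]:
    """Layer 2: anonymiser check first, then the live-match blackout policy."""
    if s.anonymiser:
        return False, "anonymiser"
    if s.ip_country == "GB" and in_uk_blackout(s.uk_time):
        return False, "uk_blackout"
    return True, "ok"


def application_layer(s: Session) -> str:
    """Layer 3: decides what the viewer sees before any playback request."""
    if s.ip_country != s.billing_country:
        return "country_mismatch_prompt"
    if s.ip_country == "GB" and in_uk_blackout(s.uk_time):
        return "alternative_coverage_link"
    return "play_button"


def evaluate(s: Session) -> dict:
    """Evaluate every layer independently instead of stopping at the first denial."""
    key_issued, reason = license_server(s)
    return {
        "ui": application_layer(s),
        "cdn_status": cdn_edge(distribution_for(s), s.ip_country),
        "key_issued": key_issued,
        "license_reason": reason,
    }


SATURDAY_1500 = datetime(2024, 9, 14, 15, 0)  # constructed: a Saturday in season
LONDON = Session("GB", "GB", False, SATURDAY_1500)
MADRID = Session("ES", "ES", False, SATURDAY_1500)
MADRID_VIA_UK_VPN = Session("GB", "ES", True, SATURDAY_1500)

if __name__ == "__main__":
    for name, s in (("London", LONDON), ("Madrid", MADRID),
                    ("Madrid via UK VPN", MADRID_VIA_UK_VPN)):
        print(name, evaluate(s))
```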

Geo-Fencing: When the Boundary Is Smaller Than a Country

Geo-blocking handles the country-sized boundary. Geo-fencing handles the smaller cases.

The most common in-the-field use case is the local sports blackout in the United States, where Major League Baseball, the National Basketball Association, and the National Football League each enforce designated-market-area (DMA) blackouts inside the broader national subscription. The viewer holds a national subscription, the platform holds national rights, and the contractual rule is: viewers physically located within a specified DMA cannot stream the local team's home game live. The technical implementation is a polygon — a set of ZIP codes that defines the DMA — and an IP-to-ZIP mapping that resolves the viewer's location at the postal level. The geolocation accuracy at postal level is, per MaxMind's documentation, the lowest of any granularity — which is why these platforms also require GPS permission from mobile apps and use the GPS coordinate as the authoritative signal when available.

A second use case is the venue fence, where a stadium operator restricts streaming inside its own building (because the live broadcast competes with the in-venue experience) and the platform's mobile app must detect that the viewer is currently inside the stadium's polygon. The polygon is small — a few hundred metres on a side — and the IP signal is useless at that resolution; GPS is the only signal that works. The app requests GPS permission at signup and refuses playback when inside the fence.

A third use case is the classroom fence, where an education platform restricts streaming of certain materials to within a school's network or a school district's geographic boundary. The signal is typically a CIDR-block check (the school's IP address range) supplemented by an authenticated SAML or OpenID Connect identity that establishes the user's affiliation. Geography here is a proxy for institutional membership, not a fence in itself.

The defining characteristic of geo-fencing, in every case, is that the country lookup is not enough — the platform needs more granular location data and usually multiple cross-signals before it can be confident.
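The three fences above differ mainly in which signal is allowed to decide, which the following added example makes explicit. It is not code from any platform described here; the ZIP codes, polygon coordinates, network range, affiliation string and the upstream reverse-geocoding step are constructed assumptions, and treating the classroom check as "network and affiliation" is one reading of the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

Point = Tuple[float, float]  # (latitude, longitude)

# All values below are constructed for illustration.
DMA_ZIPS = {"00001", "00002", "00003"}
VENUE_POLYGON: List[Point] = [(10.000, 20.000), (10.000, 20.003),
                              (10.003, 20.003), (10.003, 20.000)]
SCHOOL_NETWORK = ipaddress.ip_network("198.51.100.0/24")
SCHOOL_AFFILIATION = "district-member"


@dataclass(frozen=True)
class Viewer:
    ip: str
    ip_zip: Optional[str] = None       # IP-to-ZIP lookup, the weakest granularity
    gps: Optional[Point] = None        # None if no chip or permission refused
    gps_zip: Optional[str] = None      # assumed reverse-geocoded from gps upstream
    affiliation: Optional[str] = None  # claim from the SAML / OpenID Connect login


def dma_fence(v: Viewer, dma_zips: Set[str]) -> Tuple[str, str]:
    """DMA blackout: the GPS-derived ZIP is authoritative, IP-to-ZIP is the fallback."""
    if v.gps_zip is not None:
        return ("inside" if v.gps_zip in dma_zips else "outside"), "gps"
    if v.ip_zip is not None:
        return ("inside" if v.ip_zip in dma_zips else "outside"), "ip"
    return "unknown", "none"


def point_in_polygon(p: Point, polygon: List[Point]) -> bool:
    """Ray casting: count polygon edges crossed by a ray leaving the point."""
    lat, lon = p
    inside = False
    for i in range(len(polygon)):
        lat1, lon1 = polygon[i]
        lat2, lon2 = polygon[(i + 1) % len(polygon)]
        if (lon1 > lon) != (lon2 > lon):  # edge spans the point's longitude
            cross_lat = lat1 + (lon - lon1) * (lat2 - lat1) / (lon2 - lon1)
            if lat < cross_lat:
                inside = not inside
    return inside


def venue_fence(v: Viewer, polygon: List[Point]) -> str:
    """Venue fence: only GPS resolves a polygon a few hundred metres on a side."""
    if v.gps is None:
        return "unknown"  # the IP signal is useless at this resolution; do not guess
    return "inside" if point_in_polygon(v.gps, polygon) else "outside"


def classroom_allowed(v: Viewer, network, affiliation: str) -> bool:
    """Classroom fence: CIDR membership plus an authenticated affiliation."""
    on_network = ipaddress.ip_address(v.ip) in network
    return on_network and v.affiliation == affiliation


if __name__ == "__main__":
    fan = Viewer("192.0.2.1", ip_zip="00009", gps=(10.0015, 20.0015), gps_zip="00002")
    print(dma_fence(fan, DMA_ZIPS), venue_fence(fan, VENUE_POLYGON))
```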

Common Mistakes and Pitfalls

Three mistakes show up over and over in incident reports.

The first mistake is enforcing the rule in only one place. The CDN-only deployment is the most common; the platform's compliance team buys a CDN's geo-blocking feature and assumes the job is done. Six months later, an audit finds that millions of license-server requests came from IPs the CDN had labelled as the licensed territory but that an anonymiser check would have flagged. Always enforce at three layers; redo the audit quarterly.

The second mistake is trusting IP geolocation below the country level. A platform that builds a state-level or city-level blackout on IP data alone will get one in three or one in four decisions wrong, depending on the country. The fix is either to require GPS for the granular case (mobile blackouts) or to combine IP with the billing ZIP code on file (web blackouts). Single-signal granular enforcement is wrong; multi-signal granular enforcement is acceptable.

The third mistake is ignoring the Portability case in Europe. A European subscriber travelling to another member state and being blocked from their own paid service is, under Regulation (EU) 2017/1128, a breach of the regulation. The platform's geo-rule must include an explicit allowance for the case, and the platform must communicate the allowance to the subscriber. Platforms that have skipped this step have received complaints to national regulators and, in some cases, formal infringement notices.

Pitfall callout. Geo-blocking is not security. A consumer VPN bypass is fifteen seconds of work for a determined viewer. Geo-blocking is compliance enforcement against casual evasion, paired with anonymiser detection that closes most (but not all) of the loophole. If your rights contract requires that "no viewer in territory X shall ever access the content," your rights contract is asking for something the internet cannot deliver — and that conversation belongs with the lawyers, not the engineers.

Implementation Checklist for a New Market Launch

The following sequence is what we use when scoping a streaming launch into a new territory.

First, the rights team agrees the per-title territory allowlist with the licensor and writes it into a structured document. The structure is country (ISO 3166-1 alpha-2) by title by window (start date, end date). This document is the single source of truth; every layer reads from it.

Second, the platform configures the CDN: country allowlist or blocklist per distribution, with HTTP 403 as the response for blocked traffic. CloudFront, Cloudflare, Akamai, and Fastly all support this in their console. The change is propagated globally in minutes.

Third, the platform configures the DRM license server: per-policy country allowlist or blocklist that mirrors the CDN's. Most DRM vendors expose this through a license-policy API; the policy is selected per request based on the title and the asserted territory.

Fourth, the application layer is configured: catalogue filtering per country, locale-based home-page customisation, and the special-case flows (EU Portability, blackout windows, content-restriction overlays). The application layer's rule is the most expressive of the three because it is the only one with access to subscriber context.

Fifth, the platform subscribes to an IP-intelligence feed for anonymiser detection — at minimum MaxMind's GeoIP2 plus the Anonymous IP database, or Digital Element NetAcuity Pulse, or a Cloudflare-bot-management plus IP-intelligence stack — and wires the feed into the license server's decision path.

Sixth, the platform runs a verification pass. Synthetic clients in each licensed and unlicensed country exercise the playback path; logs are reviewed for any case where the rule was applied incorrectly. The verification pass is rehearsed weekly during launch and monthly afterwards.

Seventh, the platform configures observability. The metrics worth a dedicated dashboard panel are: rate of HTTP 403 at the CDN edge per country; rate of license-server denials per policy reason; rate of "anonymiser flagged" decisions; rate of EU Portability overrides; and the per-country error rates as seen by the player. A spike in any of those is an early signal that geo-rules and reality have drifted apart.

[Figure: implementation timeline for a new-market geo-blocking launch as a horizontal swimlane chart, with five lanes (Rights, CDN, DRM, Application, Verification) and seven milestones from contract sign-off through observability go-live, with critical-path dependencies between lanes shown as arrows.]

Figure 3. The seven-step new-market launch sequence as a swimlane plan. The Rights lane gates everything; the Verification lane runs continuously after go-live.
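The dashboard counters from the seventh step, and the audit described under the first mistake in "Common Mistakes and Pitfalls", computed over a handful of log lines. This is an added example, not a real CDN or DRM vendor's log schema; the JSON field names, the documentation-range IP addresses, the anonymiser feed and the licensed-territory set are all constructed.

```python
import json
from collections import Counter

# Constructed sample: one JSON object per line, documentation-range IPs only.
SAMPLE_LOG = """\
{"layer":"cdn","ip":"192.0.2.10","country":"DE","status":200}
{"layer":"cdn","ip":"192.0.2.11","country":"DE","status":200}
{"layer":"cdn","ip":"203.0.113.5","country":"DE","status":200}
{"layer":"cdn","ip":"198.51.100.7","country":"US","status":403}
{"layer":"cdn","ip":"198.51.100.8","country":"US","status":403}
{"layer":"license","ip":"192.0.2.10","country":"DE","issued":true,"reason":"ok"}
{"layer":"license","ip":"192.0.2.11","country":"DE","issued":false,"reason":"anonymiser"}
{"layer":"license","ip":"203.0.113.5","country":"DE","issued":true,"reason":"ok"}
""".splitlines()

ANONYMISER_FEED = {"192.0.2.11", "203.0.113.5"}  # constructed IP-intelligence feed
LICENSED = {"DE"}                                # constructed licensed territory


def parse(lines):
    """One event dict per non-empty log line."""
    return [json.loads(line) for line in lines if line.strip()]


def cdn_403_rate_by_country(events):
    """Share of CDN-edge requests answered with HTTP 403, per country."""
    total, denied = Counter(), Counter()
    for e in events:
        if e["layer"] == "cdn":
            total[e["country"]] += 1
            denied[e["country"]] += int(e["status"] == 403)
    return {country: denied[country] / total[country] for country in total}


def license_denials_by_reason(events):
    """License-server denials grouped by policy reason."""
    return Counter(e["reason"] for e in events
                   if e["layer"] == "license" and not e["issued"])


def keys_issued_to_anonymisers(events, feed, licensed):
    """Audit: keys issued to IPs labelled as licensed territory that the feed flags."""
    return sorted({e["ip"] for e in events
                   if e["layer"] == "license" and e["issued"]
                   and e["country"] in licensed and e["ip"] in feed})


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("403 rate per country:", cdn_403_rate_by_country(events))
    print("denials per reason:  ", dict(license_denials_by_reason(events)))
    print("audit gap:           ",
          keys_issued_to_anonymisers(events, ANONYMISER_FEED, LICENSED))
```

A non-empty audit list means the anonymiser feed and the license server's decision path have drifted apart, for example because the feed was updated after the key was issued or was never consulted for that policy.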

The Cost Side: What Geo-Restriction Actually Costs to Run

Geo-restriction is not free. The visible line items are the IP-intelligence subscription, the DRM license-server volume, the CDN configuration, and the engineering time to maintain the rules. The invisible line items are the customer-service load (every wrongly blocked subscriber files a ticket), the lost subscriptions (every wrongly blocked subscriber considers cancelling), and the loss-of-rights risk (every undetected breach is a contractual exposure).

Order-of-magnitude numbers for a mid-sized OTT operator with ten million monthly active viewers and rights in twenty territories: MaxMind GeoIP2 Country and City subscriptions land in the low five figures per year; the GeoIP2 Anonymous IP add-on is a similar order of magnitude. Digital Element NetAcuity, the higher-end alternative, is typically a six-figure annual contract for an enterprise OTT customer. Akamai's Enhanced Proxy Detection is bundled with their CDN and security packages — the incremental cost is small for existing customers and large for new ones. DRM license-server volume scales with the playback fan-out, not with the geo-restriction; the marginal cost of adding a geo-policy check is single-digit milliseconds and a single-digit-percent CPU increase on the license-server fleet.

The dominant operational cost is engineering time on the rules themselves: catalogue mappings change with every new rights deal, blackout calendars change every season, and the EU Portability allowances need to be re-tested at the start of each holiday peak. A reasonable budget is one full-time-equivalent engineer for every ten major territories, plus a part-time legal liaison who owns the territory document.

If geo-restriction is being added to a streaming product for the first time, expect a one-time integration cost on the order of three to six engineering-months across CDN, DRM, application, and observability, plus a verification period of two to four weeks before launch. The number is dominated by the application-layer work — the back-end services that wire the rule into the catalogue API and the player error messaging — not by the CDN or DRM configuration, which are mostly console-driven.

Comparison Table: Geo-Restriction Approaches by Layer

The table below summarises the four enforcement layers a streaming platform can configure, in the order a request encounters them. The "Best for" row highlights which layer is best suited for which job; in production, you configure all four together.

| Criterion | CDN edge | DRM license server | Application layer | Native app GPS |
|---|---|---|---|---|
| Granularity | Country (some DMA) | Country (custom) | Any (subscriber context) | Metre-level |
| Latency overhead | Sub-millisecond | ~10–30 ms | ~100–300 ms | ~100 ms (one-time) |
| Cost per request | Effectively zero | Single-digit milliseconds CPU | Catalogue-API cost | Battery + UX cost |
| Bypass difficulty (basic VPN) | Low | Medium with anonymiser feed | Medium | High (requires rooted device) |
| Bypass difficulty (residential proxy) | Low | Medium-high with behavioural detection | Medium | High |
| Best for | Volume blocking, DDoS-resilient | Encrypted content, policy enrichment | Catalogue, Portability cases | Sub-country geo-fencing |
| Failure if used alone | Bypassed by VPNs | Bypassed for unencrypted assets | Slow-path; can be bypassed by replaying tokens | Refused by user |

The pattern that converges in production is to use all four. The CDN edge does the high-volume cheap denial. The DRM license server does the policy-rich denial on the protected paths. The application layer drives the user-visible experience. Native-app GPS handles the cases where the rule is smaller than a country.
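The layering described above, as an added sketch that is not code from the original article or from any vendor: each layer is a check that can deny, and the first denial wins. The rule set, the field names, and the choice to deny a GPS-fenced asset when no location fix is available are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample rule set: asset -> licensed ISO 3166-1 alpha-2 countries.
LICENSED = {"match-001": {"DE", "AT"}}
GPS_FENCED = {"match-001"}  # assets that also carry a sub-country blackout rule

@dataclass
class Request:
    asset: str
    ip_country: str                  # result of the IP-intelligence lookup
    anonymiser: bool = False         # hit in an anonymiser/proxy feed
    entitled: bool = True            # subscriber context from the catalogue API
    gps_in_blackout: Optional[bool] = None  # None: no fix or permission refused

def cdn_edge(r):
    return None if r.ip_country in LICENSED[r.asset] else "country not licensed"

def drm_license(r):
    if r.ip_country not in LICENSED[r.asset]:
        return "country not licensed"
    return "anonymiser detected" if r.anonymiser else None

def application(r):
    return None if r.entitled else "not in subscriber catalogue"

def native_gps(r):
    if r.asset not in GPS_FENCED:
        return None
    if r.gps_in_blackout is None:
        return "location unavailable"  # assumption: fail closed for fenced assets
    return "inside blackout zone" if r.gps_in_blackout else None

LAYERS = [("cdn_edge", cdn_edge), ("drm_license", drm_license),
          ("application", application), ("native_gps", native_gps)]

def decide(r, layers=LAYERS):
    """Return (allowed, denying_layer, reason); the first denial wins."""
    for name, check in layers:
        reason = check(r)
        if reason:
            return (False, name, reason)
    return (True, None, None)

if __name__ == "__main__":
    # Constructed request: exit IP geolocates to DE but is flagged by the feed.
    flagged = Request("match-001", "DE", anonymiser=True, gps_in_blackout=False)
    print("CDN edge alone:", decide(flagged, LAYERS[:1]))
    print("All four layers:", decide(flagged))
```

Running the same request through `LAYERS[:1]` and through the full list shows the "Failure if used alone" row in practice: the edge check passes the flagged request, and the license-server check is the layer that denies it.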

Where Fora Soft Fits In

Fora Soft has shipped streaming and OTT platforms across multiple regulated markets since 2005, including sports OTT services with US designated-market-area blackouts, European on-demand catalogues subject to the AVMS Directive, telemedicine platforms with per-jurisdiction restrictions on cross-border medical consultations, and e-learning systems with institutional geo-fencing. The pattern in every project is the same: the rights team owns the territory document; engineering wires it into the CDN, the DRM license server, the catalogue API, and the player error path; and the operations team runs continuous verification against the live rule set. The geo-restriction surface is one of the most boring parts of a streaming platform when it is working and one of the most expensive when it is not.

References

  1. MaxMind. GeoIP Geolocation Accuracy. Knowledge base article, accessed 2026-05-26. https://support.maxmind.com/knowledge-base/articles/maxmind-geolocation-accuracy — primary source for country-level (>99%) and subdivision-level (55–80%) accuracy figures.
  2. MaxMind. Anonymizer and Proxy Data. Knowledge base article, accessed 2026-05-26. https://support.maxmind.com/knowledge-base/articles/anonymizer-and-proxy-data-maxmind — primary source for the GeoIP Anonymous IP database categories.
  3. Amazon Web Services. Restrict the geographic distribution of your content — Amazon CloudFront Developer Guide. Accessed 2026-05-26. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html — primary source for the CDN-edge accuracy claim (99.8%) and the HTTP 403 response pattern.
  4. Amazon Web Services. Secure Media Delivery at the Edge — Using Geo Restriction Attributes. Accessed 2026-05-26. https://docs.aws.amazon.com/solutions/latest/secure-media-delivery-at-the-edge-on-aws/using-geo-restriction-attributes.html — implementation details for the CDN-token pattern combining country and IP attributes.
  5. Akamai. Adaptive Media Delivery — Token Authentication. Tech-docs reference, accessed 2026-05-26. https://techdocs.akamai.com/adaptive-media-delivery/docs/add-token-auth — license-token specification including geographic policy fields.
  6. Akamai. Act Against Geopiracy with Enhanced Proxy Detection. Engineering blog, accessed 2026-05-26. https://www.akamai.com/blog/performance/act-against-geopiracy-with-enhanced-proxy-detection — vendor description of behavioural anonymiser detection beyond IP-list lookup.
  7. Cloudflare. Bot Management — Bot Detection Engines. Developer documentation, accessed 2026-05-26. https://developers.cloudflare.com/bots/concepts/bot-detection-engines/ — primary source for the Bot Score (1–99) and Threat Score (0–100) mechanisms used in geo-aware policy.
  8. European Union. Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers' nationality, place of residence or place of establishment within the internal market. Official Journal of the European Union, L 60I, 2 March 2018. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32018R0302 — primary source for the audiovisual-services exemption.
  9. European Union. Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market. Official Journal of the European Union, L 168, 30 June 2017. https://eur-lex.europa.eu/eli/reg/2017/1128/oj — primary source for the temporary-presence portability rule.
  10. European Union. Directive (EU) 2018/1808 of the European Parliament and of the Council of 14 November 2018 amending Directive 2010/13/EU (the Audiovisual Media Services Directive). Official Journal of the European Union, L 303, 28 November 2018. https://eur-lex.europa.eu/eli/dir/2018/1808/oj — Article 13(1) requirement that 30% of works in a video-on-demand catalogue be European in origin, with the per-national-catalogue interpretation set out in the European Commission's 2020 guidance.
  11. International Organization for Standardization. ISO 3166-1 Country Codes. Standards catalogue, accessed 2026-05-26. https://www.iso.org/iso-3166-country-codes.html — primary source for the two-letter country-code convention every CDN, DRM, and application-layer rule references.
  12. McDonald, Allison et al. 403 Forbidden: A Global View of CDN Geoblocking. Proceedings of the ACM Internet Measurement Conference, 2018. https://amcdon.com/papers/403forbidden-imc18.pdf — peer-reviewed measurement of CDN-edge geo-block deployment patterns, used here for the prevalence baseline; the operational details defer to the CDN documentation in references 3–5.