Geo-blocking enforces the geographic terms of content licensing. Most film, TV and sports rights are sold per-territory — a streaming service may have UK rights to a movie but not US rights, or US rights to a sport but not Canadian rights. When a viewer tries to play that content, the service checks the viewer's IP against a geo-IP database (MaxMind, Digital Element, IPinfo) and either serves or refuses based on the matched country.
The check happens at multiple points. The CDN edge can do it via geo-fence rules in its configuration — Akamai, CloudFront, Cloudflare all support country-level access lists. The application server can do it before issuing a signed URL or DRM license — usually more reliable than CDN-level because the application has more context. The license server can do it before issuing a DRM key — the strongest gate because even if a viewer somehow gets the segments, they can't decrypt.
Geo-blocking is routinely bypassed by VPN users. The cat-and-mouse game involves identifying datacenter IP ranges (where VPN exit nodes typically live), correlating IPs against known VPN providers, and using behavioural signals (sudden IP change mid-session, IP geolocation that conflicts with login profile). The major OTT services (Netflix, Disney+) maintain proprietary VPN-detection systems; smaller services use third-party services like IPQualityScore or buy block lists from MaxMind. Perfect prevention is impossible; the goal is to make casual bypass inconvenient.
