There's truly no fool-proof way to go from 1.2.3.4 to US, UK, CN, etc. IP addresses are constantly changing hands. I'm in the Southern US and yet a residential ISP I had showed up as coming from Montreal, Canada for years in many geo IP databases. A friend's house down the street sometimes gets mistaken as a Brazilian IP address.
Almost every time I've used a WAF's geo-IP blocking tool I've either personally experienced or had customers complain about being blocked incorrectly.
If you're dynamically getting IP addresses and you're allow-listing based on country of origin, expect to get locked out eventually even if you're sitting in the same place.
That's just a PTR record though. While scarlet.be implies the organization controlling it is in Belgium, that's not necessarily a guarantee the actual device using it is in Belgium. scarlet.be could deploy a box in Ghana or Chile and have its PTR record updated to something.dsl.scarlet.be. There's no actual enforcement that the device is in some physical location.
Loads of IP addresses for cloud providers ultimately resolve to things like amazon.com or google.com, does that mean those requests are from the US because it ends in .com?
I am not looking for a failproof way to ban all non-relevant ip's.
I'm looking for a method to exclude 99% of traffic based on IP ( if possible) and that i know how i can get in if the IP changes and it isn't updated automatically on the server ( as a failsafe).
Almost every time I've used a WAF's geo-IP blocking tool I've either personally experienced or had customers complain about being blocked incorrectly.
If you're dynamically getting IP addresses and you're allow-listing based on country of origin, expect to get locked out eventually even if you're sitting in the same place.