How to restrict purchases to ONLY IP addresses in the United States using Ruby/Rails?

I have a client who has a requirement that they can't sell particular products 'outsi开发者_如何学编程de the United States'.

They'd prefer that users can see the site, but when they try to checkout present a message indicating they are outside the United States.

Their site is built in Rails 2.3.8.

Check out the GeoIP gem (make sure to read the instructions, you need to download the GeoLiteCity or GeoLiteCountry database in order for it to work). It uses MaxMind's GeoIP database and can give you the country (or city, in the case of the city database) of an IP address, with some accuracy. There is a commercial database with better accuracy available, which I would recommend for your use case.

However, be advised that this is by no means a definitive solution. Some customers will be turned away wrongfully, and some will be able to order even though they should not. Things like satellite connections, proxy servers and VPN services make IP location impossible, and no database is 100% complete or correct.

What you're looking for is some kind of rough geolocation. One way to get this is to query a DNS zone designed specifically for this; one such zone is described at http://countries.nerd.dk.

I am from Ukraine. And when a particular US shop doesn't want to sell products overseas it usually specifies in the policy/faq/etc that only US bank issued payment cards are accepted. That seems for me the best solution to solve: "can't sell particular products 'outside the United States'. "

As there are package/mail/freight forwarding companies which can be used by a potential client of that customer though residing outside US but whom the customer won't have to ship directly. That customer would still benefit from those sales but are freed from dialing with burden associated with overseas shipping.

And when you will solve it with geolocation, that customer would still be able making additional money, when people would still be using the site through different kind of proxies, if that customer will be worth it. :)

You can use their data that you pull into your database to check the user's IP address. http://www.ipligence.com/geolocation/ (you still have to worry about proxying)

I would also check where your shipping it to (checking addresses like suggested above), also check the card address with the card backer like VISA, etc..

And suggested above, your money processing agent shouldn't allow any transactions from outside the U.S. on particular items (if possible)

But I did read your statement SOME products may not be allowed to be sold outside the U.S. So you'll need a way to mark those products in your system and then let the user know they are unable to purchase those items, but continue on with others in the cart.

You could use a Rack Middleware, but it will require that you fork it on Github first.

https://github.com/roja/rack-geo

At the moment this project gives you City and Organisation names based on the IP address of the computer making the request - you need Country Code too.

You could add it to the code relatively easily here: https://github.com/roja/rack-geo/blob/master/lib/rack/geo.rb

You could then set a Rack environment variable to indicate if the request is from the USA, in the call method:

Rack::Request.new(env)["born"] = "...in the USA"

Add it to your config file:

config.middleware.use Rack::Geo

And then in your controller you can test if the request has this environment variable set appropriately and redirect to a 'sorry you must be from the USA' page:

if params['born'] == "...in the USA"
  redirect_to "/not_from_round_here"
end

Bear in mind that IP address sniffing is fallible. I often take trains in the UK and end up with Google in German.

A geoip alternative is can be found here: http://humbuckercode.co.uk/licks/gems/geoip/

Uses the maxmind libraries, easy to set up, no schema updates needed, fast