Hello @EdgeOfAssembly,

That is an interesting proposal! Adding Geoblocking at the repository level could certainly add an extra layer of control for developers with specific compliance or security needs.

To make sure your idea reaches the right people at GitHub, I recommend the following:

Submit to the GitHub Feedback Repository: GitHub staff actively monitors the GitHub Feedback category. Reposting this there (or moving this discussion) increases the chances of it being seen by Product Managers.

Current Alternatives: While this native feature doesn't exist yet, for organizations that need strict IP control, GitHub currently offers IP Allow Lists (for Enterprise accounts). It's a 'whitelist' approach rather than a 'blacklist' (geoblock), but it's the standard for high-security environments.

Specify the Use Case: When you repost it, it might help to explain why you need it. Is it for licensing compliance, security against DDoS from specific regions, or something else?

Great suggestion regarding the CIDR notation, it definitely makes the implementation more flexible for advanced users!

Worth noting that GitHub already has IP allow lists for Enterprise accounts, which lets you restrict access by CIDR ranges, so the underlying infrastructure for something like this exists. The gap is that it's whitelist-only and Enterprise-only, not a per-repo blocklist available to regular users.

For what you're describing specifically, the closest workaround right now would be handling it at the deployment layer rather than GitHub itself. If you're serving something from Pages or an API, you'd geoblock there instead. GitHub as a code host is a bit trickier since blocking access to the repo itself would also block contributors from those regions.

Still a reasonable feature request though, especially for compliance use cases. The feedback forum is probably the right place to push it.

whitelist only is the reasonable feature. blacklists gamify attacks

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬