Geo-Fenced Data Residency
Route requests from specific countries to designated origin servers, ensuring data stays within geographic boundaries for GDPR, CCPA, and other compliance requirements.
How It Works
At the origin selection step, EdgeWrap evaluates the client's geographical location (derived from their connection IP address) against your geo-residency rules. If a matching rule is found, the request is forwarded to the rule's designated target origin instead of the default origin.
Geo Routing Flow
Client Request (Location: Germany)
│
▼
Check geo-residency rules:
│
├── Rule: ["DE", "FR", "IT"] → route to target: orig_eu_central → Route to EU origin
├── Rule: ["US", "CA"] → route to target: orig_us_east → Route to US origin
└── No match → Route to default project originDashboard Setup & Configuration
Configure Geo-Residency routing rules directly in the EdgeWrap Dashboard:
- Navigate to your project in the dashboard at
https://app.edgewrap.pro. - Go to the Data & Privacy page and select the Geo-Residency tab.
- Click the Add Geo-Routing Rule button.
- Select the target country codes (ISO-3166-1 alpha-2) that trigger the rule.
- Select the target destination server from your configured origins list.
- Toggle the rule to Enabled and click Save Rule.
API Configuration
Alternatively, you can manage Geo-Routing rules programmatically:
| Param | Type | Description |
|---|---|---|
| countryCodes | string[] (ISO-3166-1 alpha-2) | Country codes that trigger this rule (e.g. ['DE', 'FR', 'NL']) |
| targetOriginId | string | ID of the origin to route matching requests to |
| isEnabled | boolean | Toggle rule active state(default: true) |
Route EU traffic to EU origin via API
curl -X POST https://server.edgewrap.pro/v1/projects/prj_abc123/geo-residency/rules \
-H "Authorization: Bearer <your_session_token>" \
-H "Content-Type: application/json" \
-d '{
"countryCodes": ["DE", "FR", "NL", "BE", "AT", "CH", "IT", "ES", "PL"],
"targetOriginId": "orig_eu_central",
"isEnabled": true
}'GDPR Response Masking
In addition to routing, you can configure privacy masks to redact or hash sensitive fields in response bodies before they leave EdgeWrap.
| Param | Type | Description |
|---|---|---|
| pathPattern | string | URL path pattern to apply masking on (e.g. /api/users/*) |
| jsonFieldName | string | JSON field name to mask in the response body (e.g. email, ssn) |
| maskType | enum | sha256_hash | redact_all | partial_reveal_ends | strip_field |
| isEnabled | boolean | Toggle mask active state(default: true) |
| maskType | Input | Output |
|---|---|---|
| sha256_hash | "ada@example.com" | "a1b2c3d4e5f6..." |
| redact_all | "ada@example.com" | "[REDACTED]" |
| partial_reveal_ends | "ada@example.com" | "ada@*****.com" |
| strip_field | "ada@example.com" | (field removed from JSON) |
Mask email fields via API
curl -X POST https://server.edgewrap.pro/v1/projects/prj_abc123/geo-residency/masks \
-H "Authorization: Bearer <your_session_token>" \
-H "Content-Type: application/json" \
-d '{
"pathPattern": "/api/users/*",
"jsonFieldName": "email",
"maskType": "partial_reveal_ends",
"isEnabled": true
}'Note: Privacy masks operate on response bodies up to 4 MB. Responses larger than this limit are passed through unmasked.