The geographic firewall in @doublegram_captcha_bot lets admins control who can even attempt captcha in a Telegram group based on the user's country of origin. It runs when the member opens the Mini App — before Google reCAPTCHA is shown.
How country is detected
When a user opens the verification Mini App in Telegram, traffic passes through Cloudflare. The server reads the CF-IPCountry header (ISO country code, e.g. US, IT, DE) and compares it to your group's firewall rules.
If blocked:
- User is removed immediately (ban or kick per your punishment setting)
- reCAPTCHA never loads
- Event is logged for
/statsfirewall section - Group owner may get a notification if enabled in
/settings
Configure the firewall
Admins send /firewall in the group — an inline keyboard to:
- Select countries (paginated, 10 per page)
- Switch Blacklist vs Whitelist mode
- Switch Ban vs Kick punishment
Firewall vs captcha vs timeout
| Layer | When | Purpose |
|---|---|---|
| Geographic firewall | Opening Mini App | Country-based access control |
| reCAPTCHA | After geo pass | Human vs bot check |
| Timeout kicker | Mute without verify | Remove slow or abandoned joins |
VPN caveat: Country reflects the IP Cloudflare sees. VPN users may appear as a different country than their real location.
Quick reference
- Command:
/firewall - Detection: Cloudflare CF-IPCountry
- Runs: before reCAPTCHA
- Modes: blacklist or whitelist
Related: set up blacklist mode to block specific countries — see Firewall Blacklist Mode on Telegram.