Build Your Own IP Geolocation Setup Without the SaaS Tax in an Afternoon
Problem
When you build an app or a small SaaS, you need to know at some point where IPs are coming from, or whether they're a proxy/VPN. The obvious move is to reach out to one of the services like IPinfo, IP2Location, Maxmind's commercial API, etc., which will gladly sell you geolocation, ASN/org info, and a so-called privacy flag via API.
However, those APIs aren't really that cheap:
| Service | Pricing | Included Lookups | Notes |
|---|---|---|---|
| IPinfo | From $49/mo (Basic) | 150k-500k requests/month depending on plan | Extras: ASN, carrier, company, privacy flags, WHOIS, abuse contacts. Pricing |
| IP2Location | From $32/mo for 100k API calls, or $49/year for DB license | 100k API calls/month (API) | Databases sold separately ($99–$1080/year). Pricing |
| MaxMind GeoIP2 Precision | DBs: $34-$134/mo; Web API: $0.0001–$0.002 per query | Pay per query (API) or flat DB license | Country/City/ISP/Domain lookups, plus fraud detection. Pricing |
| Neutrino API | From $10/mo | Free tier: 10-50/day; ~$69/mo for 1.5M API calls | Wide scope: IP, user agent parsing, email/phone validation, Tor/VPN detection. Plans |
So unless you're doing any kind of real traffic, such as ~10M lookups/month, you're staring at SaaS bills in the hundreds per month just to ask: "What's this IP?".
But lo, behind the scenes, most of these services are still running the same public data you can download yourself, i.e., MaxMind's free GeoLite2 databases plus community blocklists.
That's why I built pollen. A tiny, self-hosted wrapper around GeoLite2 and free VPN/proxy lists. It does the same 80% of what those SaaS APIs do, but runs locally and costs basically nothing lmao.
Solution
You don't really need an enterprise contract to answer that question "Where is my IP from? Is it a proxy?". But you only need three pieces:
- A geolocation database (MaxMind's GeoLite2 City).
- Blocklists (free community-maintained lists of abusive/proxy/VPN IPs).
- A wrapper script that ties it together and spits JSON.
That's it.
To grab the DB, we need to make a MaxMind account, then download:
mkdir -p data # Download GeoLite2-City.mmdb.gz # then decompress it: gunzip -c GeoLite2-City.mmdb.gz > data/GeoLite2-City.mmdb
The database is about 30 MB on disk and updates once a week.
You then clone the repo and install Lua deps
git clone git://git.kerochan.lol/pollen.git cd pollen sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin lua-dkjson # for Debian sudo luarocks install luasocket
You then run your first lookup:
lua pollen.lua 128.101.101.101
Output:
{
"ip":"128.101.101.101",
"country":"United States",
"city":"Minneapolis",
"org":"Unknown",
"blocked":false
}
And because the blocklist module automatically fetches free proxy/VPN lists, you'll also see blocked: true for IPs like 193.46.255.103 if they're flagged.
Optionally, if you'd rather hit over HTTP, start the API server:
lua pollen.lua --server --port 8080 # or whatever port you want
Then you can query it with curl:
curl "http://localhost:8080/lookup?ip=129.142.0.0"
Output:
{
"ip": "129.142.0.0",
"country": "Denmark",
"city": "Copenhagen",
"org": "Unknown",
"blocked": false
}
The only real reason when a SaaS is worth it, honestly, is when you're running a large consumer product like Netflix, where guaranteed uptime and SLAs are worth the money. Or that you need extra signals beyond GeoLite2 and blocklists (machine-learning fraud detection, behavioral scoring, device fingerprints). Or if you don't want to maintain anything and you're fine to pay rent for the convencience.
With pollen, you can spin up your own IP lookup + proxy detection pipeline in an afternoon, for free, and serve thousands of queries per second from a $5 VPS.