diff --git a/terraform/modules/google-cloud/apps/elixir/network.tf b/terraform/modules/google-cloud/apps/elixir/network.tf
index 15faffbfb..6506bdf87 100644
--- a/terraform/modules/google-cloud/apps/elixir/network.tf
+++ b/terraform/modules/google-cloud/apps/elixir/network.tf
@@ -65,6 +65,19 @@ resource "google_compute_security_policy" "default" {
 }
 }
 
+ rule {
+ description = "block sanctioned countries"
+
+ action = "deny(451)"
+ priority = "101"
+
+ match {
+ expr {
+ expression = "request.path.matches(\"/sign_up\") && origin.region_code in ('RU', 'BY', 'KP', 'IR', 'SY', 'CU', 'VE', 'XC', 'XD')"
+ }
+ }
+ }
+
 rule {
 description = "log all requests that match preconfigured sqli-v33-stable OWASP rule"
 preview = true
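Review bot: The path condition in the new rule's `expression` is an unanchored pattern: Cloud Armor's `matches()` performs a partial RE2 match, so `request.path.matches("/sign_up")` fires on any path that merely contains `/sign_up`, and it is evaluated against the path as sent, with no case or percent-encoding normalisation. If the intent is the sign-up route only, anchor it, for example `request.path.matches('^/sign_up(/|$)')`, and confirm how the backend router normalises paths so the edge rule and the application agree on what counts as that route. A comment above the rule such as `# XC = Crimea, XD = Donetsk/Luhansk (Cloud Armor region codes, not ISO 3166-1 country codes)` would help, since those two values are not self-explanatory. The rule enforces immediately (no `preview`, unlike the rule that follows it), and the enclosing `google_compute_security_policy` starts outside this hunk, so whether a lower-numbered allow rule is evaluated before priority 101 cannot be checked from here. Because this is a source-IP geolocation check on a single path, it is best treated as a first filter in front of whatever sanctions screening the application does at account creation, not as the only control.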