GeoIP blocking behind AWS ELB + proxy protocol

Francis Daly francis at
Wed Oct 29 23:05:09 UTC 2014

On Wed, Oct 29, 2014 at 01:35:50PM -0500, Joe Rizzo wrote:

Hi there,

>     I have nginx servers behind an AWS ELB. Because web sockets are
> leveraged, the ELB is configured as TCP load balancing with the proxy
> protocol option set. The true IP address of the client is extracted as
> variable $proxy_protocol_addr.
>     How would I configure nginx to allow/deny access based on the
> $proxy_protocol_addr variable?

According to, the
module uses the client IP address or something from the X-Forwarded-For

I suspect that if you want to use a different variable, the simplest
pure-config way would be to reverse proxy to another nginx server{},
including your variable in the X-Forwarded-For header, and do the normal
processing (including the deny/allow that you want) there.

Francis Daly        francis at

More information about the nginx mailing list