GeoIP blocking behind AWS ELB + proxy protocol
Francis Daly
francis at daoine.org
Wed Oct 29 23:05:09 UTC 2014
On Wed, Oct 29, 2014 at 01:35:50PM -0500, Joe Rizzo wrote:
Hi there,
> I have nginx servers behind an AWS ELB. Because web sockets are
> leveraged, the ELB is configured as TCP load balancing with the proxy
> protocol option set. The true IP address of the client is extracted as
> variable $proxy_protocol_addr.
>
> How would I configure nginx to allow/deny access based on the
> $proxy_protocol_addr variable?
According to http://nginx.org/en/docs/http/ngx_http_geoip_module.html, the
module uses the client IP address or something from the X-Forwarded-For
header.
I suspect that if you want to use a different variable, the simplest
pure-config way would be to reverse proxy to another nginx server{},
including your variable in the X-Forwarded-For header, and do the normal
processing (including the deny/allow that you want) there.
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list