On Wed, Oct 29, 2014 at 01:35:50PM -0500, Joe Rizzo wrote:

Hi there,

> I have nginx servers behind an AWS ELB. Because web sockets are
> leveraged, the ELB is configured as TCP load balancing with the proxy
> protocol option set. The true IP address of the client is extracted as
> variable $proxy_protocol_addr.
>
> How would I configure nginx to allow/deny access based on the
> $proxy_protocol_addr variable?

According to http://nginx.org/en/docs/http/ngx_http_geoip_module.html, the
module uses the client IP address or something from the X-Forwarded-For
header.

I suspect that if you want to use a different variable, the simplest
pure-config way would be to reverse proxy to another nginx server{},
including your variable in the X-Forwarded-For header, and do the normal
processing (including the deny/allow that you want) there.

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx