I am using Cloudflare (CDN) and I would like to allow access to my site from only it's IPs, but it's not possible since I use set_real_ip_from to preserve real user IPs in forum logs.
I have this in my nginx.conf:
# Cloudflare
set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
real_ip_header CF-Connecting-IP;
And I am trying to use this in location ~ \.php$ {
allow 204.93.240.0/24;
allow 204.93.177.0/24;
allow 199.27.128.0/21;
allow 173.245.48.0/20;
allow 103.22.200.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
deny all;
So is there some way to bypass real_ip_from while using allow/deny? Or maybe some other ideas.