403 on multiple conditions (evil if?)

Posted by crosis 
November 15, 2011 05:25AM
Hi!

I'd like to forbid access to "intranet.example.com", except for the two IP addresses shown in the config. Every other domain in *.example.com is available for every IP. HTTPS and HTTP should be handled exactly the same way.
Now I'm not exactly sure how to do this. My only guess would be to do this with the "evil if". But I'm pretty sure this is the wrong way ;)

Could you help me please? Thanks in advance!

By the way, my webserver does nothing but process requests to the backend proxy or deliver static content from the disk.

server {
    listen 80;
    listen 172.17.1.23:443 ssl;
    server_name ~^(.*)\.example\.com;
    root /home/user/server/lib/modules/web-core-module-1.0-SNAPSHOT/webapp;
    access_log /var/log/nginx/example_access.log;

    ssl_certificate ssl/example.com.crt;
    ssl_certificate_key ssl/example.com.key;

    location / {
        if ($host = "example.com" ) {
            rewrite ^/(.*)$ $scheme://www.$host/$1 permanent;
        }
        proxy_pass http://localhost:8081;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header x-forwarded-for $remote_addr;
        proxy_set_header Host $http_host;
    }

    location ~ (?!(js/ext3|js/release|js/ext-extensions|js/rpc|js/util|img|css)) {
        expires 12h;
    }

    # Flag requests for the intranet host ...
    set $forbid 0;
    if ($host = "intranet.example.com") {
        set $forbid 1;
    }
    # $host never contains a scheme, so this block does not match
    if ($host = "https://intranet.example.com") {
        set $forbid 1;
    }
    # ... and clear the flag for the two allowed addresses.
    # Anchored, with escaped dots, so that e.g. 11.1.1.10 does not match.
    if ($remote_addr ~ "^(1\.1\.1\.1|2\.2\.2\.2)$") {
        set $forbid 0;
    }
    if ($forbid = 1) {
        return 403;
    }

    error_page 403 @forbidden;
    location @forbidden {
        rewrite ^(.*)$ /403.html break;
    }
    error_page 500 501 502 503 504 @server_error;
    location @server_error {
        rewrite ^(.*)$ /500.html break;
    }

}
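
One way to get the behaviour asked for above without any "if", as an added example that is not part of the original post: a dedicated server block for intranet.example.com, placed next to the existing wildcard block (with the $forbid logic removed from it). It assumes 403.html sits in the same root, and that nginx sees the real client address in $remote_addr, i.e. it is not itself behind another proxy.

```nginx
# Added example. An exact server_name takes precedence over the regex
# server_name of the wildcard block, for both the HTTP and HTTPS listeners.
server {
    listen 80;
    listen 172.17.1.23:443 ssl;
    server_name intranet.example.com;

    root /home/user/server/lib/modules/web-core-module-1.0-SNAPSHOT/webapp;
    access_log /var/log/nginx/example_access.log;

    ssl_certificate     ssl/example.com.crt;
    ssl_certificate_key ssl/example.com.key;

    # Rules are checked in order against the connecting address.
    # These are exact address matches, not regexes; any other client gets 403.
    allow 1.1.1.1;
    allow 2.2.2.2;
    deny  all;

    error_page 403 /403.html;
    location = /403.html {
        internal;    # reachable only through error_page, not by direct request
        allow all;   # otherwise the denied client cannot be served the error page
    }

    location / {
        proxy_pass http://localhost:8081;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
}
```

After a reload, a request for intranet.example.com from any address other than the two listed should return 403 on both port 80 and 443, while the other *.example.com names keep being served by the wildcard block.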