Thanks for the reply
1) Your explanation clarified my misunderstanding, much appreciated.
2) Your suggestion would make a lot of sense. But after reading your response, I realized I wrote the check wrong in my example. I'm trying to whitelist an inbound request from a specific server, not one that Nginx is serving. Instead of $hostname I should be using $remote_addr and the IP of the remote server I'm attempting to whitelist from the throttling. i.e.
if ( $remote_addr = XX.XXX.XXX.XXX ) {
set $whitelist 1;
}