I hope nginx can be handle this such as, if ($http_user_agent ~ MSIE) { allow 127.0.0.1; deny all; } if ($http_cookie ~* "id=([^;] +)(?:;|$)" ) { allow 10.0.0.1; deny all; }