Hi -
I have nginx servers behind an AWS ELB. Because web sockets are
leveraged, the ELB is configured as TCP load balancing with the proxy
protocol option set. The true IP address of the client is extracted as
variable $proxy_protocol_addr.
How would I configure nginx to allow/deny access based on the
$proxy_protocol_addr variable? I tried setting $X-Forwarded-For to
$proxy_protocol_addr with no luck. Below are snippets from the
configuration.
http {
    geoip_proxy 10.0.0.0/8;
    geoip_proxy_recursive off;
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default no;
        US yes;
        CA yes;
    }
    …
    server {
        listen 82 proxy_protocol;
        location / {
            set $X-Forwarded-For $proxy_protocol_addr;
            if ($allowed_country = no) {
                return 403;
            }
            …
Thanks,
Joe
On Wed, Oct 29, 2014 at 01:35:50PM -0500, Joe Rizzo wrote:
Hi there,
> I have nginx servers behind an AWS ELB. Because web sockets are
> leveraged, the ELB is configured as TCP load balancing with the proxy
> protocol option set. The true IP address of the client is extracted as
> variable $proxy_protocol_addr.
> How would I configure nginx to allow/deny access based on the
> $proxy_protocol_addr variable?
According to Module ngx_http_geoip_module, the module uses the client
IP address or something from the X-Forwarded-For header.
I suspect that if you want to use a different variable, the simplest
pure-config way would be to reverse proxy to another nginx server{},
including your variable in the X-Forwarded-For header, and do the normal
processing (including the deny/allow that you want) there.
f
Francis D. [email protected]
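
One way to lay out the two-server{} arrangement suggested in the reply above, as an added example that is not part of the original thread. The loopback port 8082, the Host header line and the WebSocket upgrade headers are assumptions; the geoip and map settings are taken from the posted configuration, with geoip_proxy narrowed to the loopback address the inner server is reached from.

```nginx
http {
    # Trust X-Forwarded-For only when the request arrives from the
    # front server{} below over loopback (assumed address).
    geoip_proxy 127.0.0.1;
    geoip_proxy_recursive off;
    geoip_country /usr/share/GeoIP/GeoIP.dat;

    map $geoip_country_code $allowed_country {
        default no;
        US yes;
        CA yes;
    }

    # Front server: receives PROXY protocol from the ELB.
    server {
        listen 82 proxy_protocol;

        location / {
            proxy_pass http://127.0.0.1:8082;   # assumed inner port

            # Overwrite, never append: a client-supplied
            # X-Forwarded-For must not reach the geoip lookup.
            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
            proxy_set_header Host $host;

            # Assumed: pass WebSocket upgrades through this hop.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    # Inner server: bound to loopback so it cannot be reached directly
    # with a forged X-Forwarded-For header.
    server {
        listen 127.0.0.1:8082;

        location / {
            if ($allowed_country = no) {
                return 403;
            }
            # The original location's processing goes here.
        }
    }
}
```

Because the front server sets the header to a single address, geoip_proxy_recursive off still resolves to the ELB-reported client IP.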