Forum: NGINX Proxy Bypass only specific IP

2974d09ac2541e892966b762aad84943?d=identicon&s=25 TheBritishGeek (Guest)
on 2014-06-24 06:43
(Received via mailing list)
I am looking for a way for allow that proxy_cache_bypass but only on a
secific hostname and client IP address.

My current setup is as follows:

location ~*
            expires 1M;
            add_header X-Cache-Status $upstream_cache_status;
            proxy_cache_bypass $http_secret_header;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_cache_valid 200 360m;
            proxy_cache_valid 302 360m;
            proxy_cache_valid 404 1m;
            proxy_cache_use_stale error timeout invalid_header updating;
            proxy_ignore_headers X-Accel-Expires Expires;

How can I add to this protection so that only 1 specific IPv4 & 1 IPv6
address can bypass the poxy ?

Posted at Nginx Forum:,251124,251124#msg-251124
2974d09ac2541e892966b762aad84943?d=identicon&s=25 itpp2012 (Guest)
on 2014-06-24 08:17
(Received via mailing list)
if ($remote_addr ~ "^(10.10.*.*)$") { .... }

Posted at Nginx Forum:,251124,251126#msg-251126
2974d09ac2541e892966b762aad84943?d=identicon&s=25 TheBritishGeek (Guest)
on 2014-06-24 12:39
(Received via mailing list)
I have tried

        if ($remote_addr ~ "^(|a:b:c:d::1:2)$")
            proxy_cache_bypass $http_secret_header;

But is does not pass testing

nginx: [emerg] "proxy_cache_bypass" directive is not allowed here

Posted at Nginx Forum:,251124,251128#msg-251128
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-06-24 16:23
(Received via mailing list)

On Tue, Jun 24, 2014 at 06:38:59AM -0400, TheBritishGeek wrote:

> I have tried
>         if ($remote_addr ~ "^(|a:b:c:d::1:2)$")
>         {
>             proxy_cache_bypass $http_secret_header;
>         }
> But is does not pass testing
> nginx: [emerg] "proxy_cache_bypass" directive is not allowed here

You have to set a variable as appropriate, and then use it in the
proxy_set_bypass directive.

    if (...) {
        set $bypass $http_secret_header;

    proxy_cache_bypass $bypass;

Also, apart from "if" checks, it may be good idea to consider geo
and map blocks, see here:

Maxim Dounin
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.