IP filtering behind a NGINX load balancer

Posted by Dark Training on February 22, 2013 tags: | nginx | linux | security

If you use nginx as a transparent proxy, you may want to enable .htaccess IP filtering on one of the downstream servers in your server farm.

Unfortunately, you can't just use the normal syntax, because the downstream server sees the proxy's address as the client address, not the visitor's:

Order deny,allow
Deny from all
Allow from 1.2.3.4

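Instead, you need to match on the X-Forwarded-For header that nginx sets. The trailing $ keeps the pattern from also matching addresses such as 1.2.3.40:

SetEnvIF X-FORWARDED-FOR ^1\.2\.3\.4$ AllowIP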
Order deny,allow
Deny from all
Allow from env=AllowIP

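If you want to allow an IP address range (CIDR), SetEnvIf takes a regular expression rather than CIDR notation, so you need to write the range in the following format. This example allows addresses beginning with 1.2.:

SetEnvIF X-FORWARDED-FOR ^1\.2\.[0-9]+\.[0-9]+$ AllowIP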
Order deny,allow
Deny from all
Allow from env=AllowIP
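
Because the rule is a regular expression and not a real CIDR match, it is worth checking a pattern against the range it is meant to cover before deploying it. The following is an added example, not part of the original post: a small Python check that compares what a SetEnvIf-style pattern allows with what the intended CIDR block contains. The sample header values, the function names and the use of Python's re module in place of Apache's regex engine are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed X-Forwarded-For values (not taken from the post).
SAMPLES = [
    "1.2.3.4",
    "1.2.3.40",
    "1.2.200.9",
    "1.20.0.1",
    "198.51.100.7",
    "1.2.3.4, 198.51.100.7",  # header carrying a chain of addresses
]

def in_cidr(value, net):
    """True only when the whole header value is one address inside net."""
    try:
        return ipaddress.ip_address(value.strip()) in net
    except ValueError:
        return False  # chains and malformed values are not a single trusted IP

def audit(pattern, cidr, values=SAMPLES):
    """Compare what a SetEnvIf-style regex allows with what the CIDR covers."""
    rx = re.compile(pattern)
    net = ipaddress.ip_network(cidr)
    result = {"over": [], "under": []}
    for value in values:
        allowed = rx.search(value) is not None  # unanchored search, like SetEnvIf
        wanted = in_cidr(value, net)
        if allowed and not wanted:
            result["over"].append(value)   # let in, but outside the range
        elif wanted and not allowed:
            result["under"].append(value)  # inside the range, but denied
    return result

if __name__ == "__main__":
    checks = [
        (r"^1\.2\.3\.4", "1.2.3.4/32"),
        (r"^1\.2\.3\.4$", "1.2.3.4/32"),
        (r"^1\.2\.*", "1.2.0.0/16"),
        (r"^1\.2\.[0-9]+\.[0-9]+$", "1.2.0.0/16"),
    ]
    for pattern, cidr in checks:
        print(pattern, cidr, audit(pattern, cidr))
```

An empty "over" list means the pattern admits nothing outside the intended range for the values tested; patterns without an end anchor, or with `\.*` in place of a literal dot, fail that check.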