Nginx – How to Block X forwarded-for IP in nginx

amazon-web-servicesdenynginx

My website is running behind aws Load Balancer. Now if i try to deny any IP to access my website by using "deny 59.92.130.106" under location / nothing happened. That IP still getting 200 response.Anyone having idea why this happened and how can i block any ip in nginx running behind aws load balancer?
I used below entry but it is not working.

location / {
    deny 59.92.130.106;
}

Best Answer

Thanks all for help. I found solution for this issue. Maybe there is some bug in nginx due to which i found double IP in $http_x_forwarded_for but with the help of real_ip module now i able to block IP using $remote_addr header. By including below code in my vhost conf now i get client IP in $remote_addr header.

set_real_ip_from 0.0.0.0/0;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

set $allow true;
if ($remote_addr ~ "180.179.") {
     set $allow false;
}
if ($remote_addr ~ "199.47.") {
     set $allow false;
}
if ($allow = false) {
     return 403;
}
Related Topic