Hello,
I have an app behind an AWS load balancer (172.31.x.y). It also has some internal proxies. The app already has ngx_http_realip_module installed. When I used a curl command to access the index page, I could see this in the log:
127.0.0.1 - - [21/Nov/2023:23:18:59 +0000] "GET / HTTP/1.1" 200 964 "-" "curl/7.81.0" "a.b.c.d, 172.31.35.184"
172.31.35.184 - - [21/Nov/2023:23:18:59 +0000] "GET / HTTP/1.1" 200 964 "-" "curl/7.81.0" "a.b.c.d"
It can be seen that there are two requests with $http_x_forwarded_for, where a.b.c.d is my IP address:
"a.b.c.d, 172.31.35.184"
"a.b.c.d"
Now I want to restrict access so that only IP a.b.c.d can access the page and other IPs need to log in, so I did this:
location @prerender {
    ...
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ...
}
location / {
    set_real_ip_from 172.31.0.0/16;
    set_real_ip_from a.b.c.d;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    satisfy any;
    allow a.b.c.d;
    deny all;
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd.conf;
    try_files $uri @prerender;
}
However, I still need to enter a password even when I am coming from the a.b.c.d IP.
Could you please help?
Many thanks
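
An added example, not part of the original post: a simplified Python model of how ngx_http_realip_module resolves the client address with the set_real_ip_from list above, applied to the two logged hops. The address 203.0.113.10 is a constructed stand-in for a.b.c.d, the function names are hypothetical, and ports and IPv6 bracket syntax are ignored.

```python
import ipaddress

# Constructed stand-in for the poster's masked address a.b.c.d (documentation range).
CLIENT = "203.0.113.10"
# Mirrors the two set_real_ip_from lines in the posted location block.
TRUSTED = [ipaddress.ip_network("172.31.0.0/16"), ipaddress.ip_network(CLIENT)]


def is_trusted(addr, trusted):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def resolve_real_ip(peer, xff, trusted, recursive=True):
    """Return the address the allow/deny rules would see (simplified model)."""
    # The header is only consulted when the connecting peer is itself trusted.
    if not xff or not is_trusted(peer, trusted):
        return peer
    current = peer
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the address resolved so far
        current = hop
        # Without recursion only the rightmost entry is used; with recursion the
        # right-to-left walk stops at the first address that is not trusted.
        if not recursive or not is_trusted(hop, trusted):
            break
    return current


if __name__ == "__main__":
    # The two (peer, X-Forwarded-For) pairs from the access log in the post.
    for peer, xff in (("172.31.35.184", CLIENT),
                      ("127.0.0.1", f"{CLIENT}, 172.31.35.184")):
        seen = resolve_real_ip(peer, xff, TRUSTED)
        print(f"peer={peer:<14} xff={xff!r:<32} -> {seen}")
```

In this model the hop arriving from 127.0.0.1 keeps 127.0.0.1 as its address because that peer is not in the trusted list, while the hop arriving from 172.31.35.184 resolves to the client address.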