Created
August 21, 2014 09:21
-
-
Save notsobad/1fdfb0dc4e0031b0e390 to your computer and use it in GitHub Desktop.
Get real ip under proxy, and only alow some ip to access.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
location /secret { | |
access_by_lua ' | |
local function string_starts(String,Start) | |
return string.sub(String,1,string.len(Start)) == Start | |
end | |
local ip = nil | |
local cdn_ip = ngx.req.get_headers()["X-Real-Forwarded-For"] | |
if cdn_ip then | |
ip = cdn_ip | |
else | |
ip = ngx.var.remote_addr | |
end | |
if not string_starts(ip, "8.8.8") | |
and not string_starts(ip, "4.4.4") then | |
ngx.exit(ngx.HTTP_FORBIDDEN) | |
end | |
'; | |
content_by_lua ' | |
ngx.say("ok") | |
'; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment