notsobad/allow_ip.conf

## allow_ip.conf
server {
       listen 80;
       location /secret {
            access_by_lua '
                local function string_starts(String,Start)
                   return string.sub(String,1,string.len(Start)) == Start
                end
                local ip = nil
                local cdn_ip = ngx.req.get_headers()["X-Real-Forwarded-For"]
                if cdn_ip then
                    ip = cdn_ip
                else
                    ip = ngx.var.remote_addr
                end
                if not string_starts(ip, "8.8.8")
                    and not string_starts(ip, "4.4.4") then
                    ngx.exit(ngx.HTTP_FORBIDDEN)
                end
            ';
            content_by_lua '
                ngx.say("ok")
            ';
        }
}
	server {
	listen 80;
	location /secret {
	access_by_lua '
	local function string_starts(String,Start)
	return string.sub(String,1,string.len(Start)) == Start
	end
	local ip = nil
	local cdn_ip = ngx.req.get_headers()["X-Real-Forwarded-For"]
	if cdn_ip then
	ip = cdn_ip
	else
	ip = ngx.var.remote_addr
	end
	if not string_starts(ip, "8.8.8")
	and not string_starts(ip, "4.4.4") then
	ngx.exit(ngx.HTTP_FORBIDDEN)
	end
	';
	content_by_lua '
	ngx.say("ok")
	';
	}
	}