After being hit by an attacker who discovered the origin IP by using Censys, I’m trying to secure the site.
The problem is that I can do 2 things separately but not together:
- I can get the original IPs back using
- I can only allow CF servers to connect with
But if I do both, nginx applies the allow/deny rule on the “real” connecting IP so no one can connect.
What’s the best way to solve this, preferably using just nginx? (I could set up some ufw rules, but that would lead to other issues).
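One way to combine both checks in nginx alone, as an added example that is not part of the original post: the realip module keeps the address of the connecting peer in `$realip_remote_addr`, so a `geo` map keyed on that variable can gate access while `$remote_addr` carries the visitor's address. The server name, certificate paths and backend address are placeholders, and the three Cloudflare ranges are an excerpt: copy the full current list from Cloudflare's published IP ranges into both places.

```nginx
# http {} context.
# Map the peer that actually opened the TCP connection (not the restored
# visitor address) to 1 when it falls inside a Cloudflare range.
geo $realip_remote_addr $from_cloudflare {
    default          0;
    173.245.48.0/20  1;   # excerpt, extend with the full published list
    103.21.244.0/22  1;
    2400:cb00::/32   1;
}

server {
    listen 443 ssl;
    server_name example.com;                        # placeholder
    ssl_certificate     /etc/nginx/tls/origin.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/origin.key;  # placeholder path

    # Honour CF-Connecting-IP only when the peer is Cloudflare. For any
    # other peer the header is ignored and $remote_addr stays unchanged.
    set_real_ip_from 173.245.48.0/20;               # same list as in geo
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 2400:cb00::/32;
    real_ip_header   CF-Connecting-IP;

    # allow/deny would be evaluated against the rewritten $remote_addr,
    # so test the geo result instead.
    if ($from_cloudflare = 0) {
        return 403;
    }

    location / {
        # $remote_addr is now the visitor address reported by Cloudflare.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:8080;           # placeholder backend
    }
}
```

This needs nginx 1.9.7 or later for `$realip_remote_addr`, and the two range lists must be kept identical when Cloudflare updates its ranges.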