apache .htaccess alternative to "deny from X.X.X.X"?

I 开发者_StackOverflowhave nginx reverse proxying to apache and if I add "Deny from 111.111.111.111" to my htaccess it still allows them through as nginx doesn't forward the remote_addr ip of the visitor.

Is there a rule or something I can add to htaccess so if an the visitors ip address using "HTTP_X_REAL_IP" I can just redirect them to a static html page?

Something like this should work:

RewriteEngine On
RewriteCond %{HTTP:HTTP_X_REAL_IP} 111.111.111.111
RewriteRule (.*) - [F,L]

That rewrite rule will send them a 403 forbidden response without substituting another url. This should cause your default 403 error page to be shown.

You can specify your 403 error page using this:

ErrorDocument 403 /path-to-file

see: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond and http://httpd.apache.org/docs/2.0/mod/core.html#errordocument for more info.