Readded the IP blocks from:
Cloudflare
Stackpath
Sucuri
I also removed the max-age from cache control header for pages.
@dpock
In the past we had this automated for the real_ip, but then we hit an nginx failure due to a malformatted Stackpath IP.
Still found one error in the list, an extra whitespace preceding the forward slash... will check now. Last time one of their IPv6 entries was out of range.
Updating these needs automating again, maybe on a weekly schedule, but we need to properly parse for valid IPs for each one. Last time I got bitten; I was just lucky I was up and was the only person with it enabled.
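An added example (not code from this change or project): one way to validate each provider's published list before regenerating the real_ip config, failing closed on the two defects described above (whitespace before the slash, an out-of-range IPv6 prefix). The function names, provider labels and sample ranges are constructed for illustration; `set_real_ip_from` is the nginx realip module directive.

```python
import ipaddress

def parse_cidr_list(text):
    """Split one provider's list into (valid networks, rejected entries)."""
    valid, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()              # tolerate only leading/trailing space
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=True also rejects host bits set past the prefix length
            valid.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:        # covers address and netmask errors
            rejected.append((lineno, raw, str(exc)))
    return valid, rejected

def render_real_ip_conf(sources):
    """sources maps provider label -> fetched list text.

    Returns the config text only if every entry of every list is valid;
    otherwise raises, so the previously deployed file stays in place.
    """
    out, problems = [], []
    for name, text in sources.items():
        valid, rejected = parse_cidr_list(text)
        problems += [(name, *r) for r in rejected]
        if not valid:                    # an empty fetch is also a failure
            problems.append((name, 0, "", "no valid entries"))
        out.append(f"# {name}")
        out += [f"set_real_ip_from {net};" for net in dict.fromkeys(valid)]
    if problems:
        raise ValueError(f"refusing to write config: {problems}")
    return "\n".join(out) + "\n"

# Constructed sample input using documentation-only ranges
GOOD = "192.0.2.0/24\n198.51.100.0/24\n2001:db8::/32\n"
BAD = "192.0.2.0/24\n203.0.113.0 /24\n2001:db8::/129\n"

if __name__ == "__main__":
    print(render_real_ip_conf({"provider-a": GOOD}))
    for lineno, raw, why in parse_cidr_list(BAD)[1]:
        print(f"line {lineno}: {raw!r} rejected: {why}")
```

Running `nginx -t` against the generated file before reloading adds a second check on top of the parser.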