AWS Certified Advanced Networking - Specialty (#21)

Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load balancer/PHP on nginx server/RDS in multiple Availability Zones. You need to apply Geographic Restriction and identify the client’s IP address in your application to generate dynamic content. How should you utilize AWS services in a scalable fashion to perform this task?

Modify the nginx log configuration to record value in X-Forwarded-For and use CloudFront to apply the Geographic Restriction.
Enable ELB access logs to store the client IP address and parse these to dynamically modify a blacklist.
Use X-Forwarded-For with security groups to apply the Geographic Restriction.
Modify the application code to use value of X-Forwarded-For and CloudFront to apply the Geographic Restriction.