I noticed that directive
IgnoreIP "XX.XXX.XXX.XX";
works if this IP supplied as X-Forwarded-For header, but does not if it goes as remote address without X-Forwarded-For header.
It was bad idea to treat r->connection->addr_text.data as (const char*) inside nx_can_ignore_ip without checking its length.
In my case 0x7F byte was after the last digit which broke the thing.
I noticed that directive IgnoreIP "XX.XXX.XXX.XX"; works if this IP supplied as X-Forwarded-For header, but does not if it goes as remote address without X-Forwarded-For header. It was bad idea to treat r->connection->addr_text.data as (const char*) inside nx_can_ignore_ip without checking its length. In my case 0x7F byte was after the last digit which broke the thing.