The nginx snippet below works for https access of our web application. However several end users of the app are instead using ip access in browser to the same app with no certificate protection.
Ways to block this access?

server {
  listen 80;
  server_name ourserver.com;
  return 301 https://ourserver.com$request_uri;
}
server {
  listen  443;
  server_name ourserver.com;
 
  ### SSL details removed
  ssl_certificate "//";
  ssl_certificate_key "//";
  ssl_session_cache
  ssl_session_timeout
  ssl_ciphers
  ssl_prefer_server_ciphers on;

  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 1200;
    proxy_send_timeout 1200;
    proxy_connect_timeout 75;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
  }
}