Limit access to website from the network range

[StanVokac]

Hi guys,
I'm trying to limit access to the particular proxy host only from the specific network range on Docker deployment of NPM.
Setup using the Access List doesn't work as the IP addresses visible inside the Docker container belongs to Docker host.
Now I tried to setup this access limitation through advanced setting directly in proxy host configuration by using ...

location / {
  allow   85.160.59.0/24;
  deny    all;
}

Which is causing that I'm getting 403 forbidden.

Is there something wrong with this approach, or with my config? The whole proxy host configuration looks like this:

# ------------------------------------------------------------
# xxx.xxx.xx
# ------------------------------------------------------------

server {
  set $forward_scheme http;
  set $server         "xxxxxx";
  set $port           80;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

  server_name xxx.xxx.xx;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem;

# Asset Caching
  include conf.d/include/assets.conf;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

    # Force SSL
    include conf.d/include/force-ssl.conf;

  access_log /data/logs/proxy-host-7_access.log proxy;
  error_log /data/logs/proxy-host-7_error.log warn;

location / {
  allow   85.160.59.0/24;
  deny    all;
}

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}