And note, wp-restrict-admin-ip.conf contains all the allows with a final deny. For example,
#Remote Site 1
#Remote Site 2
In order to make this work properly with ee we had to insert that in a few places in the wpcommon.conf, so we just listed the ips in one file and included it where we needed to.
I believe your's isn't working because the std ee limit brute force in wpcommon.conf is hit before your locations.conf directives.