I dont think limit_req works on CIDR rather individual IPs. At least per the
description of the module for limiting requests, it works on a single IP level
not on a CIDR range level and I don't immediately see a way to make that happen
- whether IPv4 or IPv6.Sent from my T-Mobile 4G LTE Device
-------- Original message --------From: Christian Staudte
<christ...@staudte.it> Date: 4/4/21 16:14 (GMT-05:00) To: nginx@nginx.org
Subject: limit_req_zone for IPv6 subnets Hello,regarding rate limiting in IPv6
configurations I see the followingproblem: As normally a subnet between a /56
and a /64 is assigned to aclient by an ISP, and both $binary_remote_addr and
$remote_addr alwayscontain the whole IPv6 address, a single client can always
spoof therate limiter by simply choosing another IPv6 address from his own
subnet.Currently I have two options to avoid this:a) Disabling IPv6 (well, not
really considering that)b) Using application-level rate limiting in PHP which
is awkwardly slowDid I miss some configuration options or some dirty hack to do
the ratelimit matching for example on /64 subnets, or is this simply
notpossible in nginx?Regards,
Chris_______________________________________________nginx mailing
listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
