Possible to limit_req based on requests coming from a Class C (/24 subnet) instead of per IP (/32) ?
francis at daoine.org
Thu Jun 7 08:33:47 UTC 2012
On Thu, Jun 07, 2012 at 06:15:46AM +0000, Joseph Cabezas wrote:
> Is it Possible to limit_req based on requests coming from a Class C (/24 subnet) instead of per IP (/32) ? If so can anybody please provide an example.
Totally untested, but:
Use exactly the same method as in the responses to your other limit_req
limit_req_zone (http://nginx.org/r/limit_req_zone) using a new variable
limit_req (http://nginx.org/r/limit_req) to do the limiting.
map (http://nginx.org/r/map) to set the variable "$the_class_c" to
empty, or to some identifier for the class C that should be limited.
Note that those docs for "map" don't currently mention the "~ means regex
match" or the "you can refer back to matched parts from the pattern,
in the value", which are shown on http://wiki.nginx.org/HttpMapModule,
and which will likely be useful here.
In your map, you could test $remote_addr for "everything up to the
final .digits"; or possibly you could try taking "three bytes of
Test it and see. Usually the debug log will include useful information
about what nginx thinks is going on, in case it is unclear.
Good luck with it,
Francis Daly francis at daoine.org
More information about the nginx