Possible to limit_req based on requests coming from a Class C (/24 subnet) instead of per IP (/32) ?

Francis Daly francis at daoine.org
Thu Jun 7 08:33:47 UTC 2012


On Thu, Jun 07, 2012 at 06:15:46AM +0000, Joseph Cabezas wrote:

Hi there,

> Is it possible to limit_req based on requests coming from a Class C (/24 subnet) instead of per IP (/32)? If so, can anybody please provide an example?

Totally untested, but:

Use exactly the same method as in the responses to your other limit_req
questions?

limit_req_zone (http://nginx.org/r/limit_req_zone) using a new variable
"$the_class_c".

limit_req (http://nginx.org/r/limit_req) to do the limiting.

map (http://nginx.org/r/map) to set the variable "$the_class_c" to
empty, or to some identifier for the class C that should be limited.

Note that those docs for "map" don't currently mention the "~ means regex
match" or the "you can refer back to matched parts from the pattern,
in the value", which are shown on http://wiki.nginx.org/HttpMapModule,
and which will likely be useful here.

In your map, you could test $remote_addr for "everything up to the
final .digits"; or possibly you could try taking "three bytes of
$binary_remote_addr".

Test it and see. Usually the debug log will include useful information
about what nginx thinks is going on, in case it is unclear.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org
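
An added example, not part of the message above and not tested against the poster's setup: one way to wire together the map, limit_req_zone and limit_req directives it names, keying on the first three octets of $remote_addr. The zone name "per24", the capture name "net24", the rate and the burst are assumed values; "$the_class_c" is the variable name from the message.

```nginx
# Added example: limit requests per IPv4 /24 rather than per address.
# Zone name, capture name, rate and burst are assumptions.
http {
    # "~" marks the pattern as a regex; the named capture holds
    # "everything up to the final .digits" and is used as the value.
    # Addresses that do not match (for example IPv6) get an empty
    # value, and limit_req does not account requests whose key is empty.
    map $remote_addr $the_class_c {
        default                              "";
        "~^(?<net24>\d+\.\d+\.\d+)\.\d+$"    $net24;
    }

    # One shared counter per distinct /24 prefix string.
    limit_req_zone $the_class_c zone=per24:10m rate=10r/s;

    server {
        listen 80;

        location / {
            # All clients in the same /24 draw from the same bucket.
            limit_req zone=per24 burst=20;
        }
    }
}
```

Check the syntax with `nginx -t` before reloading. Because every client behind the same /24 shares one bucket, size the rate and burst for the whole subnet rather than for a single host.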


