limit_req per subnet?

Grant emailgrant at gmail.com
Mon Jan 2 15:43:38 UTC 2017


>> >> I'm looking for something that can
>> >> be implemented independently of the backend, but that doesn't seem to
>> >> exist in nginx.
>> >
>> > http://nginx.org/r/limit_req_zone
>> >
>> > You can define the "key" any way that you want.
>> >
>> > Perhaps you can create something using "geo". Perhaps you want "the first
>> > three bytes of $binary_remote_addr". Perhaps you want "the remote ipv4
>> > address, rounded down to a multiple of 8". Perhaps you want something
>> > else.
>>
>>
>> So I'm sure I understand, none of the functionality described above
>> exists currently?
>
> A variable with exactly the value that you want it to have, probably
> does not exist currently in the stock nginx code.
>
> The code that allows you to create a variable with exactly the value
> that you want it to have, probably does exist in the stock nginx code.
>
> You can use "geo", "map", "set", or (probably) any of the extension
> languages to give the variable the value that you want it to have.
>
> For example:
>
>   map $binary_remote_addr $bin_slash16 {
>     "~^(?P<a>..)..$" "$a";
>   }
>
> will probably come close to making $bin_slash16 hold a binary
> representation of the first two octets of the connecting ip address.
>
> (You'll want to confirm whether "dot" matches "any byte" in your regex
> engine; or whether you can make it match "any byte" (specifically
> including the byte that normally represents newline); before you trust
> that fully, of course.)


That sounds like a good solution.  Will using map along with a regex
slow the server down much?

- Grant
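The check the quoted reply asks for, as an added example that is not part of the original thread. Python's `re` on bytes stands in for nginx's PCRE (an assumption: both treat "." as not matching the newline byte 0x0a by default), and the function names and sample addresses are constructed. It lists the addresses the map would leave with an empty value, which matters because limit_req_zone does not account requests whose key is empty.

```python
import re
import socket

# The pattern from the quoted map block, and a variant with (?s) so that
# "." also matches the newline byte 0x0a.
PAGE_PATTERN = re.compile(rb"^(?P<a>..)..$")
DOTALL_PATTERN = re.compile(rb"(?s)^(?P<a>..)..$")


def slash16_key(addr: str, pattern: re.Pattern) -> bytes:
    """Model the map: return the captured first two octets, or b"" when the
    regex does not match (a map with no default yields an empty value)."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    packed = socket.inet_pton(family, addr)  # same bytes as $binary_remote_addr
    m = pattern.match(packed)
    return m.group("a") if m else b""


def unkeyed(addrs, pattern):
    """Addresses that end up with an empty key, so limit_req ignores them."""
    return [a for a in addrs if slash16_key(a, pattern) == b""]


# Constructed sample addresses (private and documentation ranges).
# Any octet equal to 10 is the byte 0x0a, i.e. newline.
SAMPLES = ["192.0.2.7", "198.51.100.10", "10.1.2.3", "172.16.10.5", "2001:db8::1"]

if __name__ == "__main__":
    for name, pat in (("page pattern", PAGE_PATTERN), ("with (?s)", DOTALL_PATTERN)):
        print(f"{name}: empty key for {unkeyed(SAMPLES, pat)}")
```

The IPv6 address stays unkeyed under both patterns because its binary form is 16 bytes, not 4, so a map like this needs a separate entry or default for non-IPv4 clients.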

