limit_req per subnet?

lists at lists at
Wed Dec 14 00:42:14 UTC 2016

That attack wasn't very distributed. ;-)

Did you see if the IPs were from an ISP? If not, I'd ban the service using the Hurricane Electric BGP as a guide.  At a minimum, you should be blocking the major cloud services, especially OVH. They offer free trial accounts, so of course the hackers abuse them.

If the attack was from an ISP, I can visualize a fail2ban scheme blocking the last quad not being too hard to implement . That is block ‎ Or maybe just let a typical fail2ban set up do your limiting and don't get fancy about the IP range.

I try "traffic management" at the firewall first. As I discovered with "deny" ‎in nginx, much CPU work is still done prior to ignoring the request. (I don't recall the details exactly, but there is a thread I started on the topic in this list.) Better to block via the firewall since you will be running one anyway. 

  Original Message  
From: Grant
Sent: Tuesday, December 13, 2016 2:01 PM
To: nginx at
Reply To: nginx at
Subject: limit_req per subnet?

I recently suffered DoS from a series of 10 sequential IP addresses.
limit_req would have dealt with the problem if a single IP address had
been used. Can it be made to work in a situation like this where a
series of sequential IP addresses are in play? Maybe per subnet?

- Grant
nginx mailing list
nginx at

More information about the nginx mailing list