Blocking tens of thousands of IP's

Cox, Eric S eric.cox at kroger.com
Tue Nov 1 21:48:07 UTC 2016


Random, blocks, certain durations, etc. Its very random and or short lived which is something we don't want to move to the firewall at the moment

-----Original Message-----
From: Jeff Dyke [jeff.dyke at gmail.com]
Received: Tuesday, 01 Nov 2016, 5:46PM
To: nginx at nginx.org [nginx at nginx.org]
Subject: Re: Blocking tens of thousands of IP's

what is your firewall?, that is the place to block subnets etc, i assume they are not random ips, they are likely from a block owned by someone??

On Tue, Nov 1, 2016 at 5:37 PM, CJ Ess <zxcvbn4038 at gmail.com<mailto:zxcvbn4038 at gmail.com>> wrote:
I don't think managing large lists of IPs is nginx's strength - as far as I can tell all of its ACLs are arrays that have the be iterated through on each request.

When I do have to manage IP lists in Nginx I try to compress the lists into the most compact CIDR representation so there is less to search. Here is a perl snippet I use to do that (handles ipv4 and ipv6):

#!/usr/bin/perl

use NetAddr::IP;

my @addresses;

foreach my $subnet (split(/\s+/, $list_of_ips)) {
  push(@addresses, NetAddr::IP->new($subnet));
}

foreach my $cidr (NetAddr::IP::compact(@addresses)) {
  if ($cidr->version == 4) {
    print $cidr . "\n";
  } else {
    print $cidr->short() . "/" . $cidr->masklen() . "\n";
}


On Tue, Nov 1, 2016 at 11:15 AM, Cox, Eric S <eric.cox at kroger.com<mailto:eric.cox at kroger.com>> wrote:
Is anyone aware of a difference performance wise between using

return 403;

vs

deny all;

When mapping against a list of tens of thousands of ip?

Thanks

________________________________

This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is confidential and protected by law from unauthorized disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

_______________________________________________
nginx mailing list
nginx at nginx.org<mailto:nginx at nginx.org>
http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=CwMFaQ&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=20GRp3QiDlDBgTH4mxQcOIMPCXcNvWGMx5Y0qmfF8VE&m=cjLNEY1x_976qWvGzhCEhvWYUU4DOBVUcO97nnDYX7o&s=GwNGeoaXa46JaCsfrdl3VQZpyNHqSzWwlLq3a0UNV2I&e=>


_______________________________________________
nginx mailing list
nginx at nginx.org<mailto:nginx at nginx.org>
http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=CwMFaQ&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=20GRp3QiDlDBgTH4mxQcOIMPCXcNvWGMx5Y0qmfF8VE&m=cjLNEY1x_976qWvGzhCEhvWYUU4DOBVUcO97nnDYX7o&s=GwNGeoaXa46JaCsfrdl3VQZpyNHqSzWwlLq3a0UNV2I&e=>


________________________________

This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is confidential and protected by law from unauthorized disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20161101/3a4a4ecd/attachment.html>


More information about the nginx mailing list