limit_req_zone for IPv6 subnets

Thomas Ward teward at
Sun Apr 4 22:57:58 UTC 2021

I dont think limit_req works on CIDR rather individual IPs.  At least per the description of the module for limiting requests, it works on a single IP level not on a CIDR range level and I don't immediately see a way to make that happen - whether IPv4 or IPv6.Sent from my T-Mobile 4G LTE Device
-------- Original message --------From: Christian Staudte <christian at> Date: 4/4/21  16:14  (GMT-05:00) To: nginx at Subject: limit_req_zone for IPv6 subnets Hello,regarding rate limiting in IPv6 configurations I see the followingproblem: As normally a subnet between a /56 and a /64 is assigned to aclient by an ISP, and both $binary_remote_addr and $remote_addr alwayscontain the whole IPv6 address, a single client can always spoof therate limiter by simply choosing another IPv6 address from his own subnet.Currently I have two options to avoid this:a) Disabling IPv6 (well, not really considering that)b) Using application-level rate limiting in PHP which is awkwardly slowDid I miss some configuration options or some dirty hack to do the ratelimit matching for example on /64 subnets, or is this simply notpossible in nginx?Regards, Chris_______________________________________________nginx mailing listnginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list