Hi,
On 05.04.21 01:13, Maxim Dounin wrote:
> You can use anything as a key in limit_req_zone, including your
> own variables. If you want to limit IPv6 addresses per /64
> subnets, something like this should work:
>
> map $binary_remote_addr $subnet {
> "~^(\C{8})" $1;
> defaul
Hello!
On Sun, Apr 04, 2021 at 10:13:46PM +0200, Christian Staudte wrote:
> regarding rate limiting in IPv6 configurations I see the following
> problem: As normally a subnet between a /56 and a /64 is assigned to a
> client by an ISP, and both $binary_remote_addr and $remote_addr always
> contai
evice
Original message From: Christian Staudte
Date: 4/4/21 16:14 (GMT-05:00) To: nginx@nginx.org
Subject: limit_req_zone for IPv6 subnets Hello,regarding rate limiting in IPv6
configurations I see the followingproblem: As normally a subnet between a /56
and a /64 is assign
Hello,
regarding rate limiting in IPv6 configurations I see the following
problem: As normally a subnet between a /56 and a /64 is assigned to a
client by an ISP, and both $binary_remote_addr and $remote_addr always
contain the whole IPv6 address, a single client can always spoof the
rate limiter
