Possible to limit_req based on requests coming from a Class C (/24 subnet) instead of per IP (/32)?

Hello,

Is it possible to limit_req based on requests coming from a Class C (/24
subnet) instead of per IP (/32)? If so, can anybody please provide an
example.

Regards,
Joseph

On Thu, Jun 07, 2012 at 06:15:46AM +0000, Joseph C. wrote:

Hi there,

Is it possible to limit_req based on requests coming from a Class C (/24 subnet)
instead of per IP (/32)? If so, can anybody please provide an example.

Totally untested, but:

Use exactly the same method as in the responses to your other limit_req
questions?

limit_req_zone (Module ngx_http_limit_req_module) using a new variable
“$the_class_c”.

limit_req (Module ngx_http_limit_req_module) to do the limiting.

map (Module ngx_http_map_module) to set the variable “$the_class_c” to
empty, or to some identifier for the class C that should be limited.

Note that those docs for “map” don’t currently mention the “~ means regex
match” or the “you can refer back to matched parts from the pattern,
in the value”, which are shown on Module ngx_http_map_module,
and which will likely be useful here.

In your map, you could test $remote_addr for “everything up to the
final .digits”; or possibly you could try taking “three bytes of
$binary_remote_addr”.

Test it and see. Usually the debug log will include useful information
about what nginx thinks is going on, in case it is unclear.

Good luck with it,

f

Francis D.
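
The approach outlined in the reply above, written out as an added example; it is not configuration from the original thread. The zone name `per_class_c`, the capture name `net`, the rate, burst, zone size and listen port are illustrative assumptions, and the regex covers IPv4 `$remote_addr` values only.

```nginx
events {}

http {
    # Derive the limiting key from the client address.
    # "~" marks the pattern as a regex; the named capture "net" holds the
    # first three octets and is used as the map value, so every client in
    # the same /24 gets the same key (for example 192.0.2.17 -> 192.0.2).
    map $remote_addr $the_class_c {
        # Anything that does not look like a dotted IPv4 address (such as
        # an IPv6 client) gets an empty key. limit_req does not account
        # requests whose key is empty, so those clients are NOT limited
        # by this zone and need their own zone if they should be.
        default                              "";
        ~^(?<net>\d+\.\d+\.\d+)\.\d+$        $net;
    }

    # One shared bucket per /24. The key is a text string here, so each
    # state entry is larger than with $binary_remote_addr; size the zone
    # accordingly. 10r/s is an assumed rate for the whole subnet, not per
    # host.
    limit_req_zone $the_class_c zone=per_class_c:10m rate=10r/s;

    server {
        listen 8080;

        location / {
            # Allow short bursts, reject the rest (503 by default).
            limit_req zone=per_class_c burst=20;

            # Log rejections at a level that is easy to alert on.
            limit_req_log_level warn;

            return 200 "ok\n";
        }
    }
}
```

Because the bucket is shared, a single busy host can exhaust the allowance for its whole /24, so the rate and burst usually need to be higher than a per-IP limit would use.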