Hi. I am trying to replicate the functionality of mod_evasive on Apache, which basically says that at the same point the same IP can have only "X connections per second".

I see the example here:
http://wiki.nginx.org/HttpLimitZoneModule

But this uses "binary_remote_addr". How does this cater for shared IPs, where people in the same network may actually have the same remote addr.

Can I therefore use some other variable, such as a combination of "binary_remote_addr" and their "http_user_agent"?

What is the most often used value in production environments?

Thanks!