Welcome! Log In Create A New Profile

Advanced

Re: Blocking tens of thousands of IP's

CJ Ess
November 01, 2016 05:40PM
I don't think managing large lists of IPs is nginx's strength - as far as I
can tell all of its ACLs are arrays that have the be iterated through on
each request.

When I do have to manage IP lists in Nginx I try to compress the lists into
the most compact CIDR representation so there is less to search. Here is a
perl snippet I use to do that (handles ipv4 and ipv6):

#!/usr/bin/perl

use NetAddr::IP;

my @addresses;

foreach my $subnet (split(/\s+/, $list_of_ips)) {
push(@addresses, NetAddr::IP->new($subnet));
}

foreach my $cidr (NetAddr::IP::compact(@addresses)) {
if ($cidr->version == 4) {
print $cidr . "\n";
} else {
print $cidr->short() . "/" . $cidr->masklen() . "\n";
}


On Tue, Nov 1, 2016 at 11:15 AM, Cox, Eric S <eric.cox@kroger.com> wrote:

> Is anyone aware of a difference performance wise between using
>
>
>
> return 403;
>
>
>
> vs
>
>
>
> deny all;
>
>
>
> When mapping against a list of tens of thousands of ip?
>
>
>
> Thanks
>
> ------------------------------
>
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain information that is confidential and
> protected by law from unauthorized disclosure. Any unauthorized review,
> use, disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message.
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Blocking tens of thousands of IP's

Cox, Eric S November 01, 2016 11:18AM

Re: Blocking tens of thousands of IP's

CJ Ess November 01, 2016 05:40PM

Re: Blocking tens of thousands of IP's

jeffdyke November 01, 2016 05:48PM

RE: Blocking tens of thousands of IP's

Cox, Eric S November 01, 2016 05:50PM

Re: Blocking tens of thousands of IP's

Lucas Rolff November 01, 2016 05:54PM

Re: Blocking tens of thousands of IP's

mex November 04, 2016 05:37AM

Re: Blocking tens of thousands of IP's

Rainer Duffner November 01, 2016 05:52PM

RE: Blocking tens of thousands of IP's

Cox, Eric S November 01, 2016 06:36PM

Re: Blocking tens of thousands of IP's

Rainer Duffner November 01, 2016 06:42PM

RE: Blocking tens of thousands of IP's

Cox, Eric S November 01, 2016 06:44PM

Re: Blocking tens of thousands of IP's

Rainer Duffner November 01, 2016 06:56PM

RE: Blocking tens of thousands of IP's

Cox, Eric S November 01, 2016 06:58PM

Re: Blocking tens of thousands of IP's

gariac November 01, 2016 07:00PM

Re: Blocking tens of thousands of IP's

Tom Thorogood November 01, 2016 07:06PM

Re: Blocking tens of thousands of IP's

gariac November 01, 2016 06:48PM

Re: RE: Blocking tens of thousands of IP's

mex November 04, 2016 05:43AM

Re: Blocking tens of thousands of IP's

Jonathan Vanasco November 08, 2016 01:30PM

Re: Blocking tens of thousands of IP's

mayak November 08, 2016 06:00PM

Re: Blocking tens of thousands of IP's

mex November 15, 2016 01:09AM

Re: Blocking tens of thousands of IP's

gariac November 08, 2016 06:16PM

Re: Blocking tens of thousands of IP's

CJ Ess November 18, 2016 02:46PM

Re: Blocking tens of thousands of IP's

Maxim Dounin November 02, 2016 08:58AM

Re: Blocking tens of thousands of IP's

gariac November 01, 2016 06:28PM

Re: Blocking tens of thousands of IP's

Francis Daly November 03, 2016 03:02PM

Re: Blocking tens of thousands of IP's

noci November 23, 2016 09:33AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 69
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready