Re: Blocking tens of thousands of IP's

Lucas Rolff
November 01, 2016 05:54PM
You could very well do a small ipset together with iptables, it's fast,
and you don't have to reload for every subnet / ip you add.
Doing it within nginx is rather.. Yeah.

--
Best Regards,
Lucas Rolff


Cox, Eric S wrote:
> Random, blocks, certain durations, etc. It's very random and/or
> short-lived, which is something we don't want to move to the firewall
> at the moment
>
> -----Original Message-----
> *From:* Jeff Dyke [jeff.dyke@gmail.com]
> *Received:* Tuesday, 01 Nov 2016, 5:46PM
> *To:* nginx@nginx.org [nginx@nginx.org]
> *Subject:* Re: Blocking tens of thousands of IP's
>
> What is your firewall? That is the place to block subnets etc. I
> assume they are not random IPs; they are likely from a block owned by
> someone??
>
> On Tue, Nov 1, 2016 at 5:37 PM, CJ Ess <zxcvbn4038@gmail.com
> <mailto:zxcvbn4038@gmail.com>> wrote:
>
> I don't think managing large lists of IPs is nginx's strength - as
> far as I can tell all of its ACLs are arrays that have to be
> iterated through on each request.
>
> When I do have to manage IP lists in Nginx I try to compress the
> lists into the most compact CIDR representation so there is less
> to search. Here is a Perl snippet I use to do that (handles IPv4
> and IPv6):
>
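> #!/usr/bin/perl
>
> use strict;
> use warnings;
> use NetAddr::IP;
>
> # Whitespace-separated IPs/subnets, read from STDIN
> my $list_of_ips = do { local $/; <STDIN> } // '';
>
> my @addresses;
>
> foreach my $subnet (split(/\s+/, $list_of_ips)) {
>     next unless length $subnet;
>     # Skip entries that do not parse as an address or subnet
>     my $ip = NetAddr::IP->new($subnet) or next;
>     push(@addresses, $ip);
> }
>
> # Merge adjacent and overlapping entries into the fewest CIDR blocks
> foreach my $cidr (NetAddr::IP::compact(@addresses)) {
>     if ($cidr->version == 4) {
>         print $cidr . "\n";
>     } else {
>         print $cidr->short() . "/" . $cidr->masklen() . "\n";
>     }
> }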
>
>
> On Tue, Nov 1, 2016 at 11:15 AM, Cox, Eric S <eric.cox@kroger.com
> <mailto:eric.cox@kroger.com>> wrote:
>
> Is anyone aware of a difference performance-wise between using
>
> return 403;
>
> vs
>
> deny all;
>
> When mapping against a list of tens of thousands of IPs?
>
> Thanks
>
>
> ------------------------------------------------------------------------
>
> This e-mail message, including any attachments, is for the
> sole use of the intended recipient(s) and may contain
> information that is confidential and protected by law from
> unauthorized disclosure. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply e-mail
> and destroy all copies of the original message.
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org <mailto:nginx@nginx.org>
> http://mailman.nginx.org/mailman/listinfo/nginx

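The ipset approach suggested in this reply, sketched as an added example that is not part of the original post: per-entry timeouts cover the short-lived, fixed-duration blocks described in the thread without reloading anything. The set name `blocklist`, the `maxelem` and default timeout values, and the `<address> [seconds]` input format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn a list of short-lived blocks into
# one `ipset restore` batch. Set name, limits and input format are assumptions.
SET_NAME="blocklist"      # hypothetical set name
DEFAULT_TTL=3600          # seconds; used when a line carries no duration

# Reads "<ipv4-or-cidr> [seconds]" lines on stdin, writes restore commands.
gen_restore() {
    printf 'create %s hash:net family inet maxelem 131072 timeout %s\n' \
        "$SET_NAME" "$DEFAULT_TTL"
    while read -r addr ttl _rest; do
        case "$addr" in
            ''|'#'*) continue ;;            # blank line or comment
            *[!0-9./]*)                     # anything but digits, dots, slash
                echo "skipped address: $addr" >&2; continue ;;
        esac
        case "${ttl:-$DEFAULT_TTL}" in
            *[!0-9]*)                       # duration must be whole seconds
                echo "skipped duration for: $addr" >&2; continue ;;
        esac
        printf 'add %s %s timeout %s\n' "$SET_NAME" "$addr" "${ttl:-$DEFAULT_TTL}"
    done
}

# Constructed sample input (documentation address ranges).
sample_input() {
    cat <<'EOF'
# addr            seconds
192.0.2.15        600
198.51.100.0/24   86400
203.0.113.7
bad;entry         60
EOF
}

# Apply as root (shown as comments; needs ipset and iptables installed):
#   sample_input | gen_restore | ipset -exist restore
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
# The iptables rule is added once; later batches only change set membership,
# and each entry drops out of the set when its timeout expires.
```

With `-exist`, re-running a batch against a live set does not fail on entries that are already present, so the same pipeline can be run whenever the list changes.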