Welcome! Log In Create A New Profile

Advanced

limit_req_zone for IPv6 subnets

Christian Staudte
April 04, 2021 04:14PM
Hello,

regarding rate limiting in IPv6 configurations I see the following
problem: As normally a subnet between a /56 and a /64 is assigned to a
client by an ISP, and both $binary_remote_addr and $remote_addr always
contain the whole IPv6 address, a single client can always spoof the
rate limiter by simply choosing another IPv6 address from his own subnet.

Currently I have two options to avoid this:
a) Disabling IPv6 (well, not really considering that)
b) Using application-level rate limiting in PHP which is awkwardly slow

Did I miss some configuration options or some dirty hack to do the rate
limit matching for example on /64 subnets, or is this simply not
possible in nginx?

Regards, Chris
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

limit_req_zone for IPv6 subnets

Christian Staudte April 04, 2021 04:14PM

RE: limit_req_zone for IPv6 subnets

Thomas Ward April 04, 2021 07:00PM

Re: limit_req_zone for IPv6 subnets

Maxim Dounin April 04, 2021 07:14PM

Re: limit_req_zone for IPv6 subnets

Christian Staudte April 05, 2021 07:48AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 45
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready