Hello,

regarding rate limiting in IPv6 configurations I see the following
problem: As normally a subnet between a /56 and a /64 is assigned to a
client by an ISP, and both $binary_remote_addr and $remote_addr always
contain the whole IPv6 address, a single client can always spoof the
rate limiter by simply choosing another IPv6 address from his own subnet.

Currently I have two options to avoid this:
a) Disabling IPv6 (well, not really considering that)
b) Using application-level rate limiting in PHP which is awkwardly slow

Did I miss some configuration options or some dirty hack to do the rate
limit matching for example on /64 subnets, or is this simply not
possible in nginx?

Regards, Chris
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx