I have a defined zone in Nginx for limiting requests, it's plain straightforward as described in their documentation:
    limit_req_zone $binary_remote_addr zone=leash:10m rate=18r/s;
So far so good.
It works great with clients who act offensively, but recently some of them have started rotating their IP addresses while accessing my service, mostly within a /24 range, so I was wondering is it possible to apply the zone connection count limit to a whole IP range (not just per IP), something like a --connlimit-mask 24 flag would do with iptables...?
The easiest way would be a nginx combo of map and geo directives which would also give you the most flexibility, IMHO.
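    # 1 for clients inside the listed ranges, 0 for everyone else
    geo $geoRateBlacklist {
        default 0;
        192.0.0.0/24 1;
        10.0.0.0/24 1;
        172.0.0.0/24 1;
    }
    # Listed clients get their address as the key; an empty key is not rate limited
    map $geoRateBlacklist $rateBlacklist {
        1 $binary_remote_addr;
        0 "";
    }
    limit_req_zone $rateBlacklist zone=leash:10m rate=18r/s;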
Quickly done from memory but should work.
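For the per-/24 limit the question asks about, the zone key has to be the same for every address in the range. The following is an added example, not part of the original answer: it keys each IPv4 client by its first three octets. The zone name `leash24`, the variable `$leash_key`, the port and the `burst` value are assumptions chosen for illustration.

```nginx
# Added example (not from the original answer); names, port and burst are assumptions.
events {}

http {
    # Key every IPv4 client by its /24 (first three octets), so all addresses
    # in one /24 draw from the same 18r/s budget. Anything that does not match
    # the pattern (for example IPv6) falls back to the per-address key.
    map $remote_addr $leash_key {
        default                               $binary_remote_addr;
        "~^(?<net24>\d+\.\d+\.\d+)\.\d+$"     $net24;
    }

    # One state is kept per distinct key, i.e. per /24 instead of per address.
    limit_req_zone $leash_key zone=leash24:10m rate=18r/s;

    server {
        listen 8080;

        location / {
            # Allow short bursts, reject the excess with 429 instead of the default 503.
            limit_req zone=leash24 burst=20 nodelay;
            limit_req_status 429;
            return 200 "ok\n";
        }
    }
}
```

Every legitimate client in a /24 shares that range's budget, so the rate may need to be higher than a per-address limit. Behind a reverse proxy or load balancer `$remote_addr` is the proxy's address unless the realip module restores the client address.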