Hello, regarding rate limiting in IPv6 configurations I see the following problem: As normally a subnet between a /56 and a /64 is assigned to a client by an ISP, and both $binary_remote_addr and $remote_addr always contain the whole IPv6 address, a single client can always spoof the rate limiter by simply choosing another IPv6 address from his own subnet.
Currently I have two options to avoid this: a) Disabling IPv6 (well, not really considering that) b) Using application-level rate limiting in PHP which is awkwardly slow Did I miss some configuration options or some dirty hack to do the rate limit matching for example on /64 subnets, or is this simply not possible in nginx? Regards, Chris _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
