Hi all,
I have rate limiting in place at the moment, but I regularly see spikes of requests from literally ~100 IPs within the same class-C network (I mean not a specific class-C, but various class-C’s).
I’m wondering if anyone can work out a way to create rate limiting rules that are not based around the absolute IP, but rather the /24 (or whatever you want for that matter) src IP range.
eg. if I have:
2.2.2.40 - 4 requests
2.2.2.55 - 3 requests
2.2.2.111 - 4 requests
2.2.2.181 - 3 requests
…all within 10 seconds, this exceeds 10 requests within the last 10 seconds for the /24 range… but not for the individual IPs, I’m after a way to say “if >10 in 10 seconds for /24 block” if that makes sense.
Help would be most appreciated!
Cheers,
Aaron.
1 post - 1 participant