rate limiting by IP address prefix

[ammmir]

For IPv6, it doesn't make sense to rate limit individual /128 addresses since end hosts often get a huge prefix assigned to them, making it easy to bypass rate limits. Instead, how about adding a normalization prefix (default /32 for IPv4 and /128 IPv6 to keep existing functionality)?

It can be trivially accomplished by masking the desired number of bits for the prefix and using that as the IP key, for example:

IPv4: 192.0.2.123 with a /24 prefix: becomes192.0.2.0
IPv6: 2001:db8:cafe:1234:beef::fafa with /48 prefix becomes 2001:db8:cafe::

[novln]

Hello,

Thank you for this suggestion 😃

Any thought @nleof @thoas & @toxinu ?

[anacrolix]

You could apply net.IP.Mask before passing the resulting net.IP.String() to Limiter.Get.

[novln]

We are not against this evolution but currently I don't have the bandwidth to implement this...
So don't hesitate to submit a pull request, I'll be glad to help you anyway I can.

Cheers,

[novln]

@ammmir & @anacrolix:
Does 3b3ac78 resolves your issue ? Or not quite ?

[anacrolix]

Looks about right.