I have rate limiting in place at the moment, but I regularly see spikes of requests from literally ~100 IPs within the same class-C network (I mean not a specific class-C, but various class-C’s).
I’m wondering if anyone can work out a way to create rate limiting rules that are not based around the absolute IP, but rather the /24 (or whatever you want for that matter) src IP range.
eg. if I have:
126.96.36.199 - 4 requests
188.8.131.52 - 3 requests
184.108.40.206 - 4 requests
220.127.116.11 - 3 requests
…all within 10 seconds, this exceeds 10 requests within the last 10 seconds for the /24 range… but not for the individual IPs, I’m after a way to say “if >10 in 10 seconds for /24 block” if that makes sense.
Help would be most appreciated!