I am using Node.js and in particular this package, cidr-matcher, in combination with a rate limiter in order to exclude certain IPs from being rate limited.
Specifically the one CIDR expression for exclusion is:
::ffff:25.0.0.0/112
A rough sketch of the code for deciding whether to exclude is:
import Matcher from "cidr-matcher";
...
public shouldRateLimitIp(ipAddress: IpAddress): boolean {
  const excludedIpsMatcher = new Matcher(["::ffff:25.0.0.0/112"]);
  return !excludedIpsMatcher.contains(ipAddress);
}
However, I see that IP addresses of, say, ::ffff:25.0.31.1 are correctly excluded, whereas ::ffff:25.0.1.1 never is.
In my mind ::ffff:25.0.1.1 should be excluded by the CIDR above and is in unit tests.
And I notice that in production,
Very sorry folks, I was also posting to the rate limiter from a second environment, which meant that this was a false positive. Mods welcome to delete, else I will soon enough.
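The containment check from the question, written out by hand as an added example (not part of the original post and not cidr-matcher's own code). The names `toBytes` and `cidrContains` are hypothetical, and a bare IPv4 input is assumed to mean its IPv4-mapped form; the point is that a /112 on an IPv4-mapped base covers the same range as an IPv4 /16, so both addresses from the question fall inside it.

```typescript
// Added example: expand an address to 16 bytes, then compare the leading prefix bits.
function toBytes(addr: string): number[] {
  let text = addr.trim();
  // Assumption of this example: a bare IPv4 address is treated as IPv4-mapped.
  if (text.indexOf(":") === -1) text = "::ffff:" + text;
  const cut = text.lastIndexOf(":") + 1;
  const tail = text.slice(cut);
  if (tail.indexOf(".") !== -1) {
    // Rewrite a dotted-quad tail (25.0.1.1) as two hex groups (1900:101).
    const o = tail.split(".").map((s) => (/^\d{1,3}$/.test(s) ? Number(s) : 256));
    if (o.length !== 4 || o.some((n) => n > 255)) throw new Error("bad IPv4 part: " + addr);
    text = text.slice(0, cut) + ((o[0] << 8) | o[1]).toString(16) + ":" + ((o[2] << 8) | o[3]).toString(16);
  }
  const halves = text.split("::");
  if (halves.length > 2) throw new Error("more than one '::' in " + addr);
  const head = halves[0] ? halves[0].split(":") : [];
  const rest = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const groups = head.slice();
  // "::" stands for however many zero groups are needed to reach eight.
  if (halves.length === 2) for (let i = head.length + rest.length; i < 8; i++) groups.push("0");
  for (const g of rest) groups.push(g);
  if (groups.length !== 8) throw new Error("bad address: " + addr);
  const bytes: number[] = [];
  for (const g of groups) {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) throw new Error("bad group in " + addr);
    const v = parseInt(g, 16);
    bytes.push(v >> 8, v & 0xff);
  }
  return bytes;
}

function cidrContains(cidr: string, addr: string): boolean {
  const slash = cidr.lastIndexOf("/");
  const base = cidr.slice(0, slash);
  const len = cidr.slice(slash + 1);
  if (slash === -1 || !/^\d{1,3}$/.test(len)) throw new Error("bad prefix length: " + cidr);
  // An IPv4 prefix counts from bit 96 of the mapped form, so /16 becomes /112.
  const prefix = Number(len) + (base.indexOf(":") === -1 ? 96 : 0);
  if (prefix > 128) throw new Error("prefix too long: " + cidr);
  const net = toBytes(base);
  const ip = toBytes(addr);
  for (let bit = 0; bit < prefix; bit += 8) {
    // Full bytes use mask 0xff; the last partial byte keeps only its top bits.
    const mask = (0xff << (8 - Math.min(8, prefix - bit))) & 0xff;
    if ((net[bit >> 3] & mask) !== (ip[bit >> 3] & mask)) return false;
  }
  return true;
}
```

Running the same addresses through a check like this next to the library's answer helps separate a matching problem from a problem elsewhere in the request path.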