Advertisement
mightyroot

nginx+pf+tcpdrop antiddos script

Aug 6th, 2013
411
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 0.96 KB | None | 0 0
  1. #!/bin/sh
  2.  
  3. for i in `ls -1 /usr/local/etc/nginx/sites-enabled/`
  4. do
  5. echo "Get bans from ${i}:"
  6.  cat /var/log/nginx/${i}-error.log | grep -E '(limiting requests|limiting connections)' | awk -F "client: " '{print $2}' | awk '{print $1}' | sort -nr | uniq  -c | awk '{if($1>4)print $2}' | sed 's/\,//g' >> /tmp/nginx_tmp_bl && \
  7.  cat /var/log/nginx/${i}-access.log | grep -E -e 'HTTP/1.(0|1)" (400|403|405|499|503|444)' -e '] "-" 400 0 "-" "-"' | awk '{print $1}' | sort -nr | uniq -c | awk '{if($1>4)print $2}' >> /tmp/nginx_tmp_bl
  8. sleep 5
  9. cat /tmp/nginx_tmp_bl | wc -l | awk '{print "Total " $1 " IP banned" }'
  10. done
  11.  
  12. cat /tmp/nginx_tmp_bl | sort | uniq > /tmp/nginx_bann && \
  13. /sbin/pfctl -t ddos -T add -f /tmp/nginx_bann
  14. rm -r /tmp/nginx_tmp_bl
  15.  
  16. /usr/sbin/tcpdrop -l -a > /tmp/nginx_drop && \
  17. cat /tmp/nginx_drop | wc -l | awk '{print "Total open sockets: " $1}'
  18. awk 'FNR==NR{a[$1];next}{ for(i=1;i<=NF;i++){ if($i in a) {print } } } ' /tmp/nginx_bann /tmp/nginx_drop | sh
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement