Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- for i in `ls -1 /usr/local/etc/nginx/sites-enabled/`
- do
- echo "Get bans from ${i}:"
- cat /var/log/nginx/${i}-error.log | grep -E '(limiting requests|limiting connections)' | awk -F "client: " '{print $2}' | awk '{print $1}' | sort -nr | uniq -c | awk '{if($1>4)print $2}' | sed 's/\,//g' >> /tmp/nginx_tmp_bl && \
- cat /var/log/nginx/${i}-access.log | grep -E -e 'HTTP/1.(0|1)" (400|403|405|499|503|444)' -e '] "-" 400 0 "-" "-"' | awk '{print $1}' | sort -nr | uniq -c | awk '{if($1>4)print $2}' >> /tmp/nginx_tmp_bl
- sleep 5
- cat /tmp/nginx_tmp_bl | wc -l | awk '{print "Total " $1 " IP banned" }'
- done
- cat /tmp/nginx_tmp_bl | sort | uniq > /tmp/nginx_bann && \
- /sbin/pfctl -t ddos -T add -f /tmp/nginx_bann
- rm -r /tmp/nginx_tmp_bl
- /usr/sbin/tcpdrop -l -a > /tmp/nginx_drop && \
- cat /tmp/nginx_drop | wc -l | awk '{print "Total open sockets: " $1}'
- awk 'FNR==NR{a[$1];next}{ for(i=1;i<=NF;i++){ if($i in a) {print } } } ' /tmp/nginx_bann /tmp/nginx_drop | sh
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
