请求量每分钟大于60次的请求IP,需要封掉,每隔20分钟解封一次
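#!/bin/bash
## Block client IPs that request too aggressively, and periodically unblock
## the ones that have gone quiet.
## Written by andyleeli 2012-02-01.
##
## Policy: more than 60 requests per minute, measured as more than 300
## requests in the last 5 minutes of today's access log, gets the client's
## port-80 responses dropped on eth0. At minute 00/20/40 every blocked IP
## whose DROP rule matched fewer than 20 packets since the counters were last
## zeroed is unblocked, then the OUTPUT counters are zeroed again.
##
## Needs the privileges required to edit iptables. The run schedule is not
## part of this script; the unblock pass only happens when a run lands exactly
## on minute 00, 20 or 40.
##
## Files under $tmpdir:
##   tmp.log              log lines of the inspected window
##   bad.ip / bad2.ip     offenders before / after the allowlist
##   good.ip              IPs selected for unblocking
##   block.ip/unblock.ip  append-only audit trail

set -u

readonly IPT=/usr/sbin/iptables
readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

logdir="/data/log/apache-2.0.59"
tmpdir="/tmp/badip"
threshold=300 # requests per 5-minute window (60 per minute)

# Allowlisted prefixes. Anchored and with the dots escaped so that only
# addresses that really start with these prefixes are exempted; an unanchored
# "180.153.5." would also exempt e.g. 180.153.50.x.
goodip='^(180\.153\.5\.|112\.64\.234\.)'

today=$(date +%Y%m%d)
logfile="$logdir/www-access_$today.log"

# The working directory has a predictable name under /tmp. Refuse to use it
# unless it is a real directory owned by the user running this script, so a
# directory or symlink planted by another local user cannot redirect the
# writes below or feed addresses into the firewall.
mkdir -p -- "$tmpdir"
if [[ ! -d $tmpdir || -L $tmpdir || ! -O $tmpdir ]]; then
  printf '%s: %s is not a directory owned by this user; refusing to use it\n' \
    "${0##*/}" "$tmpdir" >&2
  exit 1
fi

# --- 1. Find offenders in the last 5 minutes of the log ---------------------
since=$(date -d "-5 min" +%H:%M)
: >"$tmpdir/bad.ip"
if [[ -r $logfile ]]; then
  # First line stamped with the minute 5 minutes ago. Matching any second of
  # that minute (not only :00) avoids an empty line number, and therefore a
  # skipped check, when no request arrived on that exact second.
  first_line=$(grep -n -m1 -F -- ":${since}:" "$logfile" | cut -d: -f1)
  if [[ -n $first_line ]]; then
    tail -n "+${first_line}" -- "$logfile" >"$tmpdir/tmp.log"
    awk '{print $1}' "$tmpdir/tmp.log" \
      | sort \
      | uniq -c \
      | awk -v max="$threshold" '$1 > max {print $2}' >"$tmpdir/bad.ip"
  fi
else
  printf '%s: cannot read %s; skipping detection\n' "${0##*/}" "$logfile" >&2
fi

# --- 2. Every 20 minutes, unblock IPs that have gone quiet ------------------
minute=$(date +%M)
if [[ $minute == 00 || $minute == 20 || $minute == 40 ]]; then
  # -x prints exact packet counts; without it large counts are abbreviated
  # (e.g. "12K"), which the numeric comparison below would misread as small.
  "$IPT" -nvxL OUTPUT \
    | awk '/eth0/ && /DROP/ && $1 < 20 {print $9}' >"$tmpdir/good.ip"
  while IFS= read -r ip; do
    # Only plain IPv4 addresses reach the iptables command line.
    [[ $ip =~ $ipv4_re ]] || continue
    if "$IPT" -D OUTPUT -o eth0 -p tcp --sport 80 -d "$ip" -j DROP; then
      printf '%s %s unblock\n' "$(date +%Y%m%d-%H:%M)" "$ip" \
        >>"$tmpdir/unblock.ip"
    fi
  done <"$tmpdir/good.ip"
  "$IPT" -Z OUTPUT
fi

# --- 3. Block the offenders that are not allowlisted ------------------------
if [[ -s $tmpdir/bad.ip ]]; then
  grep -Ev -- "$goodip" "$tmpdir/bad.ip" >"$tmpdir/bad2.ip"
  while IFS= read -r ip; do
    # The first log field is whatever the log format puts there (it could be
    # a hostname or garbage); accept nothing but a dotted-quad address.
    [[ $ip =~ $ipv4_re ]] || continue
    # Skip addresses that already have the rule, so repeated runs inside the
    # same window do not stack duplicates. If this iptables lacks -C the
    # check simply fails and the rule is appended as before.
    if "$IPT" -C OUTPUT -o eth0 -p tcp --sport 80 -d "$ip" -j DROP 2>/dev/null; then
      continue
    fi
    if "$IPT" -A OUTPUT -o eth0 -p tcp --sport 80 -d "$ip" -j DROP; then
      printf '%s %s block\n' "$(date +%Y%m%d-%H:%M)" "$ip" \
        >>"$tmpdir/block.ip"
    fi
  done <"$tmpdir/bad2.ip"
fi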