Welcome! Log In Create A New Profile

Advanced

Tool to BAN IPs based on amount of requests and response codes.

Joseph Cabezas
July 08, 2012 05:42PM
Hello all!!

Is there a log parser OR nginx module out there that can do this?
I prefer this to be a tool that can invoke an iptables action, but not necessarily.


BAN If an IP makes more then X requests per hour or day
(limit zone module only limits based on r/m, and r/s)
EXAMPLE USE: No IP should be able to send 600 requests to a site with 60 pages per day.

BAN If an IP makes more then X requests to a SINGLE url per hour or day

(this is not the same as the first, the first being any URL total, this being single URL total)
EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.


BAN if an IP produces more then X requests per hour or day that result in 400, or 404 errors.
EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site.


Fail2Ban doesnt work on this because it does not do accounting as far as I understand, i also understand that preferably the tool should work on RAM rather then parsing logs because of intensive IO consumption.


If it doesnt exist can anybody orientate me if one can be created and what could i base it off?


Joseph

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Tool to BAN IPs based on amount of requests and response codes.

Joseph Cabezas July 08, 2012 05:42PM

Re: Tool to BAN IPs based on amount of requests and response codes.

parkerj July 09, 2012 12:50AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 113
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready