Tool to BAN IPs based on amount of requests and response codes.
josh at joshparker.us
Mon Jul 9 04:49:19 UTC 2012
These may be of help:
On Sun, Jul 8, 2012 at 5:41 PM, Joseph Cabezas <tdgh2323 at hotmail.com> wrote:
> Hello all!!
> Is there a log parser OR nginx module out there that can do this?
> I prefer this to be a tool that can invoke an iptables action, but not
> BAN If an IP makes more then X requests per hour or day
> (limit zone module only limits based on r/m, and r/s)
> EXAMPLE USE: No IP should be able to send 600 requests to a site with 60
> pages per day.
> BAN If an IP makes more then X requests to a SINGLE url per hour or day
> (this is not the same as the first, the first being any URL total, this
> being single URL total)
> EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.
> BAN if an IP produces more then X requests per hour or day that result in
> 400, or 404 errors.
> EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site.
> Fail2Ban doesnt work on this because it does not do accounting as far as I
> understand, i also understand that preferably the tool should work on RAM
> rather then parsing logs because of intensive IO consumption.
> If it doesnt exist can anybody orientate me if one can be created and what
> could i base it off?
> nginx mailing list
> nginx at nginx.org
[image: Josh Parker WordPress Consultant] <http://www.7mediaws.org>
WordPress Consultant & PHP Developer
7 Media Web Solutions, LLC
[image: Twitter] <http://twitter.com/#%21/7mediaws>[image:
Josh Parker :: WordPress Consultant] <http://www.7mediaws.org/feed/>[image:
Skype][image: Google+] <http://gplus.to/joshuaparker>[image: WordPress
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx