These may be of help:<br><br><a href="http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/">http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/</a><br><br><a href="http://codelog.climens.net/2011/02/13/using-fail2ban-with-nginx-in-debian/">http://codelog.climens.net/2011/02/13/using-fail2ban-with-nginx-in-debian/</a><br>
<br><a href="http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html">http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html</a><br><br><div class="gmail_quote">On Sun, Jul 8, 2012 at 5:41 PM, Joseph Cabezas <span dir="ltr"><<a href="mailto:tdgh2323@hotmail.com" target="_blank">tdgh2323@hotmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hello all!!<br>
<br>
Is there a log parser OR nginx module out there that can do this?<br>
I prefer this to be a tool that can invoke an iptables action, but not necessarily.<br>
<br>
<br>
BAN If an IP makes more then X requests per hour or day<br>
(limit zone module only limits based on r/m, and r/s)<br>
EXAMPLE USE: No IP should be able to send 600 requests to a site with 60 pages per day.<br>
<br>
BAN If an IP makes more then X requests to a SINGLE url per hour or day<br>
<br>
(this is not the same as the first, the first being any URL total, this being single URL total)<br>
EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.<br>
<br>
<br>
BAN if an IP produces more then X requests per hour or day that result in 400, or 404 errors.<br>
EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site.<br>
<br>
<br>
Fail2Ban doesnt work on this because it does not do accounting as far as I understand, i also understand that preferably the tool should work on RAM rather then parsing logs because of intensive IO consumption.<br>
<br>
<br>
If it doesnt exist can anybody orientate me if one can be created and what could i base it off?<br>
<br>
<br>
Joseph<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div><br></div><br><table style="font-family:Times;border-top-width:1px;border-right-width:1px;border-bottom-width:1px;border-left-width:1px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(231,231,212);border-right-color:rgb(231,231,212);border-bottom-color:rgb(231,231,212);border-left-color:rgb(231,231,212)" border="0" cellpadding="0" cellspacing="0" height="102" width="400">
<tbody><tr><td style="text-align:center" bgcolor="#f0f0f0" width="100"><a href="http://www.7mediaws.org" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/wp-signature.png" alt="Josh Parker WordPress Consultant" border="0" height="90" width="90"></a></td>
<td style="padding-left:12px;font-family:Helvetica;font-size:12px;line-height:15px" bgcolor="#ffffff" width="300"><div style="margin-top:2px;color:rgb(89,75,56);font-size:13px;line-height:16px;font-weight:bold">Joshua Parker</div>
<div style="color:rgb(0,96,128)">WordPress Consultant & PHP Developer</div><div style="color:rgb(160,160,160);font-size:11px;line-height:14px">888.255.1798 x701</div><div style="color:rgb(160,160,160);font-size:11px;line-height:14px">
Skype: seven-media</div><div style="height:8px;line-height:8px"> </div><div style="color:rgb(89,75,56);font-size:11px;line-height:14px">7 Media Web Solutions, LLC</div><div style="font-size:11px;line-height:14px"><a href="http://www.7mediaws.org/" style="color:rgb(160,160,160);text-decoration:none" target="_blank">www.7mediaws.org</a></div>
</td></tr><tr><td colspan="2" align="right" bgcolor="#f0f0f0"><table cellpadding="5" cellspacing="0" width="300"><tbody><tr><td align="center"><a href="http://twitter.com/#%21/7mediaws" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/twitter.png" alt="Twitter" border="0" height="20" width="20"></a></td>
<td align="center"><a href="http://www.linkedin.com/in/joshmac" target="_blank"><img src="http://www.joshparker.us/wp-content/themes/Bluelight/images/icons/linkedin.png" alt="Linkedin" border="0" height="20" width="20"></a></td>
<td align="center"><a href="http://www.7mediaws.org/feed/" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/rss.png" alt="Josh Parker :: WordPress Consultant" border="0" height="20" width="20"></a></td>
<td align="center"><a><img src="http://www.joshparker.us/wp-content/uploads/2011/09/skype.png" alt="Skype" border="0" height="20" width="20"></a></td><td align="center"><a href="http://gplus.to/joshuaparker" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/google+.png" alt="Google+" border="0" height="20" width="20"></a></td>
<td align="center"><a href="http://wordpress.org/extend/plugins/profile/parkerj" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/blue-s.png" alt="WordPress Profile" border="0" height="20" width="20"></a></td>
<td align="center"><a href="http://about.me/joshuaparker" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/aboutme.png" alt="About.me" border="0" height="20" width="20"></a></td><td align="center">
<a href="http://en.gravatar.com/joshmac3" target="_blank"><img src="http://www.joshparker.us/wp-content/uploads/2011/08/gravatar-icon.jpg" alt="Gravatar" border="0" height="20" width="20"></a></td></tr></tbody></table></td>
</tr></tbody></table><br>