Tool to BAN IPs based on amount of requests and response codes.

Parker, Joshua josh at joshparker.us
Mon Jul 9 04:49:19 UTC 2012 

These may be of help:

http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/

http://codelog.climens.net/2011/02/13/using-fail2ban-with-nginx-in-debian/

http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

On Sun, Jul 8, 2012 at 5:41 PM, Joseph Cabezas <tdgh2323 at hotmail.com> wrote:

>
>    Hello all!!
>
> Is there a log parser OR nginx module out there that can do this?
> I prefer this to be a tool that can invoke an iptables action, but not
> necessarily.
>
>
>  BAN If an IP makes more then X requests per hour or day
> (limit zone module only limits based on r/m, and r/s)
> EXAMPLE USE: No IP should be able to send 600 requests to a site with 60
> pages per day.
>
> BAN If an IP makes more then X requests to a SINGLE url per hour or day
>
> (this is not the same as the first, the first being any URL total, this
> being single URL total)
> EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.
>
>
> BAN if an IP produces more then X requests per hour or day that result in
> 400, or 404 errors.
> EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site.
>
>
> Fail2Ban doesnt work on this because it does not do accounting as far as I
> understand, i also understand that preferably the tool should work on RAM
> rather then parsing logs because of intensive IO consumption.
>
>
> If it doesnt exist can anybody orientate me if one can be created and what
> could i base it off?
>
>
> Joseph
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 


[image: Josh Parker WordPress Consultant] <http://www.7mediaws.org>
Joshua Parker
WordPress Consultant & PHP Developer
888.255.1798 x701
Skype: seven-media

7 Media Web Solutions, LLC
www.7mediaws.org
[image: Twitter] <http://twitter.com/#%21/7mediaws>[image:
Linkedin]<http://www.linkedin.com/in/joshmac>[image:
Josh Parker :: WordPress Consultant] <http://www.7mediaws.org/feed/>[image:
Skype][image: Google+] <http://gplus.to/joshuaparker>[image: WordPress
Profile] <http://wordpress.org/extend/plugins/profile/parkerj>[image:
About.me] <http://about.me/joshuaparker>[image:
Gravatar]<http://en.gravatar.com/joshmac3>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120709/a929415d/attachment.html>

More information about the nginx mailing list