Hello all!! Is there a log parser OR nginx module out there that can do this? I prefer this to be a tool that can invoke an iptables action, but not necessarily. BAN If an IP makes more then X requests per hour or day (limit zone module only limits based on r/m, and r/s) EXAMPLE USE: No IP should be able to send 600 requests to a site with 60 pages per day. BAN If an IP makes more then X requests to a SINGLE url per hour or day (this is not the same as the first, the first being any URL total, this being single URL total) EXAMPLE USE: No IP should be able to send 60 requests as GET / per day. BAN if an IP produces more then X requests per hour or day that result in 400, or 404 errors. EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site. Fail2Ban doesnt work on this because it does not do accounting as far as I understand, i also understand that preferably the tool should work on RAM rather then parsing logs because of intensive IO consumption. If it doesnt exist can anybody orientate me if one can be created and what could i base it off? Joseph
on 2012-07-08 23:41
on 2012-07-09 06:50
These may be of help: http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/ http://codelog.climens.net/2011/02/13/using-fail2b... http://www.cyberciti.biz/tips/linux-unix-bsd-nginx... On Sun, Jul 8, 2012 at 5:41 PM, Joseph Cabezas <tdgh2323@hotmail.com> wrote: > EXAMPLE USE: No IP should be able to send 600 requests to a site with 60 > 400, or 404 errors. > > > Joseph > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- [image: Josh Parker WordPress Consultant] <http://www.7mediaws.org> Joshua Parker WordPress Consultant & PHP Developer 888.255.1798 x701 Skype: seven-media 7 Media Web Solutions, LLC www.7mediaws.org [image: Twitter] <http://twitter.com/#%21/7mediaws>[image: Linkedin]<http://www.linkedin.com/in/joshmac>[image: Josh Parker :: WordPress Consultant] <http://www.7mediaws.org/feed/>[image: Skype][image: Google+] <http://gplus.to/joshuaparker>[image: WordPress Profile] <http://wordpress.org/extend/plugins/profile/parker... About.me] <http://about.me/joshuaparker>[image: Gravatar]<http://en.gravatar.com/joshmac3>
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.