Hello all!!
Is there a log parser OR nginx module out there that can do this?
I prefer this to be a tool that can invoke an iptables action, but not
necessarily.
BAN If an IP makes more then X requests per hour or day
(limit zone module only limits based on r/m, and r/s)
EXAMPLE USE: No IP should be able to send 600 requests to a site with 60
pages per day.
BAN If an IP makes more then X requests to a SINGLE url per hour or day
(this is not the same as the first, the first being any URL total, this
being single URL total)
EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.
BAN if an IP produces more then X requests per hour or day that result
in 400, or 404 errors.
EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my
site.
Fail2Ban doesnt work on this because it does not do accounting as far as
I understand, i also understand that preferably the tool should work on
RAM rather then parsing logs because of intensive IO consumption.
If it doesnt exist can anybody orientate me if one can be created and
what could i base it off?
Joseph