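#!/bin/bash
# Bans abusive clients found in the nginx access log by inserting iptables
# DROP rules, and lifts those bans again after $droptime seconds.
# Bash is required: the script uses "function", (( )) and [[ ]], which a
# POSIX /bin/sh such as dash does not provide.
#set -x
logPath=/usr/local/nginx/logs/access.log
IPTABLES_BIN=/sbin/iptables
# Burst rule: among the last $logNum log lines, an address with more than
# $repeatNum non-static requests is dropped (see the main pipeline below).
logNum=3000
repeatNum=100
# Interval in hours between full rule flushes; only referenced by the
# commented-out flush block below.
cleanTime=3
# Interval in days for the same flush block.
cleanDay=10
# Per-minute request limit for crawlers matched by $spiderList.
spiderRepeatNum=300
# Limit for repeated requests to one malicious URL; not referenced below.
badRepeatNum=30
# Per-minute limit for the request-line patterns in $badList.
maxNumberPerMinute=70
# How long a dropped address stays blocked, in seconds (see dropIptables).
droptime=900
# Ban log: one "<epoch>+<ip>" line per currently blocked address.
iplisttxt="/tmp/iplist.txt"
# Ban counter: one "<count>+<ip>" line per address ever blocked.
ipcountertxt="/tmp/ipcounter.txt"
# NOTE(review): both files live under fixed names in world-writable /tmp, so
# any local user can pre-create them and feed this root-run script its own
# entries; a root-owned directory outside /tmp is the safer home.
#echo -n `date "+%F %T"` " ";
# current hour and day of month; only used by the flush block below
m=$(/bin/date +%H)
d=$(/bin/date +%d)
#echo -n $((10#$m%$cleanTime));
#if [ $((10#$m % $cleanTime)) == 0 ] && [ $((10#$d % $cleanDay)) == 0 ]; then
#$IPTABLES_BIN -F
# If there are fixed rules they must be saved first; they are reloaded after every restart.
# /etc/init.d/iptables restart
#fi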
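#######################################
# Insert a DROP rule for every address in the list that is not already
# blocked, record the ban time in $iplisttxt and bump the per-address
# counter in $ipcountertxt.
# Globals:   IPTABLES_BIN (read), iplisttxt (appended),
#            ipcountertxt (created/rewritten)
# Arguments: $1 - whitespace-separated list of IPv4 addresses
# Outputs:   iptables diagnostics on stderr only
# Returns:   0
#######################################
function dropIps()
{
local vNewIps=$1
local ip esc n numip countip
# the argument is a space/newline separated list, so splitting is intended
# shellcheck disable=SC2086
for ip in $vNewIps
do
[ -n "$ip" ] || continue
# regex form with literal dots, so 1.2.3.4 never matches 1.2.3.40 or 11.2.3.4
esc=${ip//./\\.}
# count existing rules for exactly this address (-n: no reverse lookups);
# the original unanchored "grep $ip" treated an already blocked 10.0.0.1 as
# covering 10.0.0.10..10.0.0.19 too, so those addresses never got a rule
n=$($IPTABLES_BIN -L -n | grep -c -E -- "(^|[[:space:]])${esc}([[:space:]/]|$)")
if [ "$n" -eq 0 ]; then
echo "$(date +%s)+$ip" >> "$iplisttxt"
$IPTABLES_BIN -I INPUT -s "$ip" -j DROP
# previous ban count for this address, empty when unknown
[ -f "$ipcountertxt" ] || : > "$ipcountertxt"
numip=$(grep -E -- "\+${esc}\$" "$ipcountertxt" | awk -F '+' '{print $1}' | head -n 1)
# the original "[ $numip > 0]" was a redirection into a file named "0]",
# not a comparison; default the count arithmetically instead
countip=$(( ${numip:-0} + 1 ))
# replace the old "<count>+<ip>" line, matching the whole address only
sed -i "/+${esc}\$/d" "$ipcountertxt"
echo "$countip+$ip" >> "$ipcountertxt"
fi
done
#$IPTABLES_BIN -L -n --line-number
}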
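#######################################
# Rate-limit clients that match a list of log patterns.
# For each pattern two checks run over the log:
#   1. addresses with more than $3 matching lines in the previous minute
#      are dropped;
#   2. addresses that matched at all and whose matching lines are more than
#      half of all their lines in the log are dropped (they request nothing
#      else, e.g. no static assets).
# Globals:   logPath (read); LANG (exported); dropIps (called)
# Arguments: $1 - whitespace-separated grep patterns (user agents or request
#                 lines); they are interpolated into a shell command, so
#                 keep them free of quotes and backticks
#            $2 - shell pipeline fragment of whitelist filters, e.g.
#                 "grep -v -- '^127\.0\.0\.1' | grep -v -- '^172\.20\.38'";
#                 may be empty
#            $3 - per-minute request threshold for check 1
# Outputs:   none on stdout
# Returns:   0
#######################################
function doBlackList()
{
local vBlackList=$1
local vWhiteGrep=$2
local vRepeatNum=$3
local item oneMinuteAgo cmd newIps tIp tEsc badNum total
# nginx writes English month names; make sure date(1) does too
export LANG=en_US.UTF-8
# "\[dd\/Mon\/yyyy:HH:MM" for the previous minute, already escaped for grep
oneMinuteAgo=$(date +'\[%d\/%b\/%Y:%H:%M' -d "-1 minute")
# shellcheck disable=SC2086
for item in $vBlackList
do
# per-address hit count for this pattern in the previous minute, whitelist
# removed; an empty whitelist fragment becomes "cat" so the pipeline stays valid
cmd="grep -- \"$oneMinuteAgo\" \"$logPath\" | grep -- \"$item\" | awk '{print \$1}' | ${vWhiteGrep:-cat} | sort | uniq -c | sort -n"
# check 1: more than $vRepeatNum hits in that minute
newIps=$(sh -c "$cmd" | awk -v n="$vRepeatNum" '$1 > n {print $2}')
dropIps "$newIps"
# check 2: pattern hits are more than half of everything the address requested
newIps=$(sh -c "$cmd" | awk '{print $2}')
for tIp in $newIps ; do
# match the address as the first log field only (the same assumption the
# awk '{print $1}' above makes), with literal dots
tEsc=${tIp//./\\.}
badNum=$(grep -E -- "^${tEsc}[[:space:]]" "$logPath" | grep -c -- "$item")
total=$(grep -c -E -- "^${tEsc}[[:space:]]" "$logPath")
# the original computed rate=badNum/total in integer arithmetic, so
# "rate*100 > 50" only fired at 100%; cross-multiply for a real 50% test
if [ "$total" -gt 0 ] && [ $(( badNum * 100 )) -gt $(( total * 50 )) ]; then
dropIps "$tIp"
fi
done
done
}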
####################################################
#白名单
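# Whitelist: addresses (or leading-octet prefixes) that are never banned.
wList='
127.0.0.1
172.20.38
172.20.68
172.20.72
'
# User-agent whitelist; empty, and the resulting uGrepsCmd is not used below.
wUserAgentList=''
# Turn the whitelist into the pipeline fragment "grep -v -- '^a' | grep -v -- '^b'".
# Each entry is anchored at the start of the (IP-only) line with its dots
# escaped: the original unanchored "grep -v '172.20.38'" also exempted
# addresses such as 10.172.20.38, and "127.0.0.1" exempted 127.0.0.100.
# A bare prefix still covers its whole range (172.20.38 -> 172.20.38.*).
greps=""
# shellcheck disable=SC2086
for w in $wList
do
wEsc=${w//./\\.}
greps="${greps}grep -v -- '^$wEsc' | "
done
uGreps=''
# shellcheck disable=SC2086
for wu in $wUserAgentList
do
uGreps="${uGreps}grep -v -- '$wu' | "
done
# strip the trailing " | " directly instead of the original echo|sed, which
# also collapsed whitespace inside the patterns
uGrepsCmd=${uGreps% | }
grepsCmd=${greps% | }
####################################################
# Crawler blacklist: user-agent substrings limited to $spiderRepeatNum hits/min.
spiderList='Sosospider AhrefsBot spider Baiduspider Googlebot 360Spider bingbot'
#bList=' ';
bGreps=''
doBlackList "$spiderList" "$grepsCmd" "$spiderRepeatNum"
####################################################
# Malicious request-line patterns (grep BRE against the whole log line),
# limited to $maxNumberPerMinute hits/min.
#POST\s*/register.php?do=register\s*HTTP
badList='
POST\s*/login/process\s*HTTP
'
doBlackList "$badList" "$grepsCmd" "$maxNumberPerMinute"
######################################################
# Burst check over the last $logNum lines: count requests per address that
# are not for static assets, drop whitelisted entries, then ban every
# address with more than $repeatNum of them.
cmd="tail -n $logNum -- \"$logPath\" | grep -v 'ico HTTP' | grep -v 'png HTTP' | grep -v 'gif HTTP' | grep -v 'jpg HTTP' | grep -v 'js HTTP' | grep -v 'css HTTP' | awk '{print \$1}' | ${grepsCmd:-cat} | sort | uniq -c | sort -n"
#echo $cmd;
newIps=$(sh -c "$cmd" | awk -v n="$repeatNum" '$1 > n {print $2}')
dropIps "$newIps"
#$IPTABLES_BIN -L -n --line-number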
##########################################
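#######################################
# Lift bans that are older than the given duration.
# Reads "<epoch>+<ip>" lines from the ban log; for each entry older than
# $1 - $3 the matching DROP rule is deleted and the line removed.
# Globals:   IPTABLES_BIN (read)
# Arguments: $1 - current time in seconds since the epoch
#            $2 - path of the ban log (see $iplisttxt)
#            $3 - ban duration in seconds (see $droptime)
# Outputs:   iptables diagnostics on stderr only
# Returns:   0 (also when the ban log does not exist yet)
#######################################
function dropIptables(){
local nowtimee=$1
local list=$2
local base=$(( nowtimee - $3 ))
local entries kip glist esc
[ -f "$list" ] || return 0
# work on a snapshot: the loop rewrites the file with sed -i
entries=$(cat -- "$list")
while IFS='+' read -r kip glist; do
# skip blank or malformed lines (a non-numeric timestamp would make (( )) fail)
[[ "$kip" =~ ^[0-9]+$ && -n "$glist" ]] || continue
if (( kip < base )); then
$IPTABLES_BIN -D INPUT -s "$glist" -j DROP
# delete only this address: the original unanchored "/1.2.3.4/d" also removed
# the 1.2.3.40 entry while leaving its DROP rule in place for good
esc=${glist//./\\.}
sed -i "/+${esc}\$/d" "$list"
fi
done <<< "$entries"
}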
# Finally release every ban that is older than $droptime seconds.
nowtime=$(date +%s)
dropIptables "$nowtime" "$iplisttxt" "$droptime"