March 25, 2004
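Automatic proxy banning: squid autodeny.pl
Copyright notice: this article may be freely reproduced; when reproducing it, be sure to indicate the article's original source, the author information and this notice in the form of a hyperlink.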
https://windtear.net/archives/2004/03/25/000505.html
As with the www version, this script checks the number of denies.
#!/usr/bin/perl
#
# Automatic banning based on the squid log
# Usage:
#   tail -f /opt/old_access/access.log | /opt/old_access/autodeny.pl
#
# Zhang Xiuling (windtear@ipcn.org)
#
use strict;

# Hashes recording, per IP, the number of DENIED entries and whether it is already banned
my %BADLIST = ();
my %DENIEDLIST = ();
my ($line, $badip, $date);

while (<STDIN>) {
    chomp $_;
    $line = $_;
    $badip = "";

    # The client IP is the field immediately before TCP_DENIED
    if ( $line =~ /(.*)\ (\d+\.\d+\.\d+\.\d+)\ TCP_DENIED(.*)/ ) {
        $badip = $2;
    }
    if (! $badip ) { next; }

    # Never ban the local network (dots escaped so that only 192.168.1.x matches)
    if ($badip =~ /^192\.168\.1\./ ) { next; }

    if (! $BADLIST{$badip} ) {
        $BADLIST{$badip} = 1;
    } else {
        $BADLIST{$badip} = $BADLIST{$badip}+1;
    }

    if ( $BADLIST{$badip} > 50 ) {
        if (! $DENIEDLIST{$badip} ) {
            $DENIEDLIST{$badip} = 1;

            $date = `date`;
            chomp $date;

            # Ban record (OUT and OUT2 are not opened in this script, so these stay commented out)
            #printf OUT "%s %-15s\n",$date,$badip;
            #printf OUT2 "%s\n",$badip;
            # Or via system calls ($badip contains only digits and dots at this point)
            system ( "printf \"%s %-15s\\n\" \"$date\" \"$badip\" >>/opt/old_access/squid.deny.log" );
            system ( "printf \"%s\\n\" \"$badip\" >>/opt/old_access/squid.deny" );

            system("/sbin/iptables -A squid -p tcp --dport 3815 -j DROP -s $badip");
        }
    }
}
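The script above counts denies for the lifetime of the process, so under a long-running tail -f any client that ever accumulates more than 50 denies gets banned. The following added example (not the author's code) counts only the denies inside a sliding time window and prints the iptables rule instead of running it. The 60-second window, the check_line helper, the sample log lines and the assumption that the log uses squid's native format with an epoch timestamp in the first field are not from the original post.

```perl
#!/usr/bin/perl
# Added example (not the original author's code): sliding-window deny counter.
# Assumes squid's native access.log format (epoch timestamp in field 1).
use strict;
use warnings;

my $THRESHOLD = 50;    # same limit as the script above
my $WINDOW    = 60;    # seconds; assumed value, tune to your traffic
my (%hits, %banned);   # ip => [recent deny timestamps], ip => 1 once banned

# Hypothetical helper: returns the IP to ban when this log line puts a client
# over $THRESHOLD denies within $WINDOW seconds, otherwise returns nothing.
sub check_line {
    my ($line) = @_;
    return unless $line =~ /^(\d+)\.\d+\s+\d+\s+(\d+\.\d+\.\d+\.\d+)\s+TCP_DENIED/;
    my ($ts, $ip) = ($1, $2);
    return if $ip =~ /^192\.168\.1\./;    # local clients are never banned
    return if $banned{$ip};               # one ban per address

    my $q = $hits{$ip} ||= [];
    push @$q, $ts;
    shift @$q while @$q && $q->[0] <= $ts - $WINDOW;    # expire old denies
    return unless @$q > $THRESHOLD;

    $banned{$ip} = 1;
    delete $hits{$ip};
    return $ip;
}

# Constructed sample log (documentation addresses): 203.0.113.9 is denied 60
# times in 6 seconds, 198.51.100.7 is denied 60 times, once every 2 minutes.
# The two clients are interleaved; each client's own lines are in time order.
my $fmt = "%d.%03d %6d %s TCP_DENIED/403 1400 GET http://example.com/ - NONE/- text/html";
my @sample;
for my $i (0 .. 59) {
    push @sample, sprintf($fmt, 1080200000 + int($i / 10), $i, 1, "203.0.113.9");
    push @sample, sprintf($fmt, 1080200000 + 120 * $i,     $i, 1, "198.51.100.7");
}

for my $line (@sample) {
    my $ip = check_line($line) or next;
    # Dry run: print the rule instead of executing it.
    print "would run: /sbin/iptables -A squid -p tcp --dport 3815 -j DROP -s $ip\n";
}
```

Only the burst from 203.0.113.9 crosses the threshold; the slow client never has more than one deny inside the window.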
Posted by windtear at March 25, 2004 4:26 PM