I have a lot of requests from a data center hitting my web server on FreeBSD, and sometimes this causes serious performance issues for my web projects. Adding all of the data center's IPs to the IPFW list is not possible.
I don't want to use a large anti-DDoS system; instead I want to create a bash script that connects to my server, filters by IP, and adds to IPFW the IP addresses that currently have more than 5 connections open. Or perhaps create multiple tables in IPFW and add an address to a table according to its connection count:
- fewer than 5: nothing
- 5 to under 10: table 1 (15-minute ban)
- 10 to under 15: table 2 (30-minute ban)
- 15 to under 20: table 3 (60-minute ban)
- more than 20: table 4 (1-day ban)
The IP filter should skip Google's IPs and those of other search engines, identified by hostname.
This is my script for grepping connections and sorting them:
netstat -nptcp | egrep -v 'Active|Address' | awk '{print $5}' | cut -d. -f 1-4 | sort | uniq -c | sort -n | tail -n 30
Analyzing the log files is a bad idea, because the log files are sometimes large, and I would have to spend additional web server resources on parsing and sorting them.
So I was thinking of maybe writing this script in PHP? But if PHP crashes, the server will not be protected.
Are there any other considerations I should be aware of?
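Below is an added example of the tiered scheme described in the question, written as a POSIX sh script rather than the asker's own command; it is not code from the question. It counts connections per remote IPv4 address from netstat output, maps the count onto the four tables, exempts search-engine crawlers by hostname, and tracks expiry itself because ipfw tables have no timeout of their own. Assumptions: tables 1 to 4 already exist and are referenced by deny rules (for instance `ipfw table 1 create` followed by `ipfw add 100 deny tcp from 'table(1)' to me`), host(1) is installed for the reverse/forward DNS check, the state file path is writable, and an exact count of 20, which the question's tiers leave open, goes to table 3. The netstat sample is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not the asker's script: count TCP connections per remote IPv4
# address from netstat, map the count onto the tiers in the question, and add or
# expire the address in ipfw tables 1-4. Assumes the tables exist and deny rules
# reference them, host(1) is installed, and $STATE is writable by this user.

STATE=${STATE:-/var/db/connban.state}   # one "ip table expiry_epoch" per line
IPFW=${IPFW:-ipfw}                       # point at a logging function for a dry run

# Constructed sample of "netstat -n -p tcp" output, not taken from a real host.
SAMPLE_NETSTAT='Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          203.0.113.5.51234      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.51235      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.51236      TIME_WAIT
tcp4       0      0 192.0.2.10.80          203.0.113.5.51237      ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.5.51238      ESTABLISHED
tcp4       0      0 192.0.2.10.443         198.51.100.9.40001     ESTABLISHED
tcp4       0      0 192.0.2.10.443         198.51.100.9.40002     ESTABLISHED
tcp4       0      0 192.0.2.10.443         198.51.100.9.40003     ESTABLISHED
tcp4       0      0 192.0.2.10.443         198.51.100.9.40004     ESTABLISHED
tcp4       0      0 192.0.2.10.443         198.51.100.9.40005     ESTABLISHED
tcp6       0      0 2001:db8::10.80        2001:db8:1::2.6000     ESTABLISHED
tcp4       0      0 *.80                   *.*                    LISTEN'

# count_connections: netstat output on stdin -> "count ip" lines. Only tcp4 rows
# whose foreign address splits into ip.port are counted, so IPv6 peers and
# LISTEN sockets are not mangled into bogus addresses.
count_connections() {
    awk '$1 == "tcp4" && split($5, p, /\./) == 5 {
        c[p[1] "." p[2] "." p[3] "." p[4]]++
    } END { for (ip in c) print c[ip], ip }' | sort -n
}

# tier_for_count: connection count -> table number, 0 meaning no action
tier_for_count() {
    if   [ "$1" -lt 5 ];  then echo 0
    elif [ "$1" -lt 10 ]; then echo 1
    elif [ "$1" -lt 15 ]; then echo 2
    elif [ "$1" -le 20 ]; then echo 3
    else                       echo 4
    fi
}

ban_seconds() {   # table number -> ban length: 15 min, 30 min, 60 min, 1 day
    case "$1" in 1) echo 900 ;; 2) echo 1800 ;; 3) echo 3600 ;; 4) echo 86400 ;; *) echo 0 ;; esac
}

# is_crawler_host: hostname -> true if it belongs to a search engine we exempt
is_crawler_host() {
    case "$1" in *.googlebot.com|*.google.com|*.search.msn.com|*.crawl.yahoo.net) return 0 ;; esac
    return 1
}

# verify_crawler: ip -> true only if its PTR names a crawler host AND the forward
# lookup of that name returns the same ip; a forged PTR alone earns no exemption.
verify_crawler() {
    name=$(host "$1" 2>/dev/null | awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF; exit }')
    [ -n "$name" ] && is_crawler_host "$name" || return 1
    host "$name" 2>/dev/null | awk -v ip="$1" '/has address/ && $NF == ip { ok = 1 } END { exit !ok }'
}

# plan_bans: "count ip" lines on stdin, current epoch in $1 -> "ip table expiry"
plan_bans() {
    while read -r count ip; do
        table=$(tier_for_count "$count")
        [ "$table" -eq 0 ] && continue
        verify_crawler "$ip" && continue
        echo "$ip $table $(( $1 + $(ban_seconds "$table") ))"
    done
}

# apply_bans: plan lines on stdin -> ipfw adds, recorded in $STATE; a listed ip is left alone
apply_bans() {
    while read -r ip table expiry; do
        awk -v ip="$ip" '$1 == ip { f = 1 } END { exit !f }' "$STATE" 2>/dev/null && continue
        "$IPFW" table "$table" add "$ip" && echo "$ip $table $expiry" >> "$STATE"
    done
}

# expire_bans: current epoch in $1 -> delete every entry whose expiry has passed
expire_bans() {
    [ -f "$STATE" ] || return 0
    tmp="$STATE.tmp"; : > "$tmp"
    while read -r ip table expiry; do
        if [ "$expiry" -le "$1" ]; then
            "$IPFW" table "$table" delete "$ip" || true   # already gone (e.g. after a flush) is fine
        else
            echo "$ip $table $expiry" >> "$tmp"
        fi
    done < "$STATE"
    mv "$tmp" "$STATE"
}

# main: one pass, meant for cron, e.g.  * * * * * root /usr/local/sbin/connban.sh run
main() {
    now=$(date +%s)
    expire_bans "$now"
    netstat -n -p tcp | count_connections | plan_bans "$now" | apply_bans
}
if [ "${1:-}" = run ]; then main; fi
```

Run it from cron once a minute with the `run` argument; each pass first removes bans whose time is up, then takes a fresh netstat snapshot. This addresses the concern about PHP: there is no long-lived daemon to crash, and a failed pass only delays the next one. Two caveats worth keeping in mind: a count threshold of 5 will also catch many users behind one NAT address, so watch the bans the script records before trusting it, and a crawler exemption based on the PTR record alone can be spoofed, which is why the check also requires the forward lookup to match.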