Discutie legata de atacurile dos/ddos, efectele sale si metode de filtrare

quantum · September 29, 2012

poti sa folosesti bfd si sa iti faci un fisier personalizat de regula pentru nginx error log. ceva de genu (sa nu uiti sa modifici calea corespunzator unde iti sunt logurile)


# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
TRIG="15"

# file must exist for rule to be active
REQ="/usr/sbin/nginx"

if [ -f "$REQ" ]; then
        LP="/var/log/nginx/vhost-error_log"
        TLOG_TF="nginx_flood"

        # grep the ip address
        ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep connlimit | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'`
fi

in bfd.conf cauti ban command si pui o linie de genul.


BAN_COMMAND="/sbin/iptables -A INPUT -s $ATTACK_HOST -p tcp --dport 80 -j DROP"

Sign In

Discutie legata de atacurile dos/ddos, efectele sale si metode de filtrare

Recommended Posts

quantum

Join the conversation

Browse

Activity

Pages