Block IP on multiple errors

PCZero

Well-Known Member
Dec 13, 2003
647
72
178
Earth
I realize this is not necessarily a WHM/cPanel issue however I am asking for input here in case others may be interested in doing the same thing.

I would like to be able to script/options/program that would allow me to automatically block an IP after it has reached X number of errors in Y amount of time (seconds). Preferably I should also be able to be able to flag what errors (400, 403, 500, etc) I want to count towards the X errors value.

Example I might want to say if a given IP reaches a total of 10 total 404 and/or 500 errors within 5 seconds then that IP should be blocked.

1) Can someone suggest how I might be able to do this please?
2) Would anyone else be interested in using such a feature?
3) Is this something that can or shoudl be offered in the WHM environment?

Any input is welcome and invited.

Thanks!
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Example I might want to say if a given IP reaches a total of 10 total 404
CSF does this:

# This option will keep track of the number of "File does not exist" errors in
# HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL
# seconds then the IP address will be blocked
#
# Care should be used with this option as it could generate many
# false-positives, especially Search Bots (use csf.rignore to ignore such bots)
# so only use this option if you know you are under this type of attack
#
# A sensible setting for this would be quite high, perhaps 200
#
# To disable set to "0"
LF_APACHE_404 =