The Community Forums


To Block IPs which have more than 100 Apache connections

Discussion in 'EasyApache' started by vdsonawane, Sep 13, 2009.

  1. vdsonawane
    Hello Guys,

    Here is a script to block IPs which have more than 100 APACHE connections.
    It will block the IPs in the route firewall.

    -----------------
    # count connections per remote address, skip loopback, then route-reject any
    # address with more than 100 connections (route -add is not valid; use add -host)
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | grep -v 127.0.0.1 | while read CONNECTIONS IPADDRESS;
    do
        if [ "$CONNECTIONS" -gt 100 ]; then
            route add -host "$IPADDRESS" reject
        fi
    done
    -------------------
    To unblock any IP from the route firewall:

    route del -host IP reject

    Regards,
    Vijay
     
    #1 vdsonawane, Sep 13, 2009
    Last edited: Sep 13, 2009
  2. MattCurry
    Block IP scripts

    Thank you for your help.
     
  3. subin_hutton
  4. Spiral
    Just a technical correction: your script (as written) doesn't detect connections to Apache but rather connections to the entire server from all services combined, and since you further didn't put any filters against trapping inactive links and count those as active connections, you will likely trap a lot of legitimate connections --- some of which may have nothing to do with the web!

    Also, instead of needing to focus more specifically on matching the correct target connections and checking to see that they are actually in an active status, you may want to rate throttle those connections instead of flat dead routing them.

    Don't despair! It's a good idea but your script needs some work! :)
     
    #4 Spiral, Sep 16, 2009
    Last edited: Sep 16, 2009
  5. d_t
    Better use ConfigServer csf with connection track and port monitor set to 80.
    ConfigServer Security & Firewall

    However, depending on Apache configuration, 100 might be too restrictive.
     
  6. vdsonawane
    Hello,

    Hmm, just need to define port 80 in the netstat command, so that it will count only Apache service connections rather than all services' connections.

    Command => netstat -ntu | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | grep -v 127.0.0.1 | while read CONNECTIONS IPADDRESS;

    Will update you if I can make it much better :)

    Regards,
    Vijay Sonawane
     
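The filtering Spiral asked for (only ESTABLISHED TCP connections, only to the web port, loopback skipped) as a read-only report rather than a reject route. This is an added example, not any poster's script; it assumes the Linux net-tools `netstat -ntu` column layout, and the sample output below is constructed.

```shell
#!/bin/sh
# Added example, not the poster's script: report remote IPs with more than LIMIT
# ESTABLISHED TCP connections to local PORT, reading `netstat -ntu` output on
# stdin. Loopback and non-ESTABLISHED states are ignored; nothing is routed.
# Assumes the Linux net-tools column layout: Proto Recv-Q Send-Q Local Foreign State.
# Live use:  netstat -ntu | over_threshold 80 100
over_threshold() {
    awk -v port="$1" -v limit="$2" '
        # header lines start with "Active"/"Proto"; udp rows have no state
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            # local port must match exactly, so ":80" does not also catch ":8080"
            n = split($4, l, ":")
            if (l[n] != port) next
            # drop only the last ":port" field of the foreign address, which
            # keeps IPv6 addresses intact (cut -d: -f1 would truncate them)
            m = split($5, f, ":")
            ip = $5; sub(":" f[m] "$", "", ip)
            if (ip == "127.0.0.1" || ip == "::1") next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample output in netstat -ntu format for a stand-alone run.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:51000      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51001      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51002      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51003      TIME_WAIT
tcp        0      0 10.0.0.5:8080           203.0.113.9:40000       ESTABLISHED
tcp        0      0 10.0.0.5:8080           203.0.113.9:40001       ESTABLISHED
tcp        0      0 10.0.0.5:8080           203.0.113.9:40002       ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.44:60000        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.44:60001        ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.44:60002        ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:33000         ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:33001         ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:33002         ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8::99:44000      ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8::99:44001      ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8::99:44002      ESTABLISHED'

# Threshold 2 for the demo; the thread uses 100. Prints: 3 198.51.100.7 / 3 2001:db8::99
printf '%s\n' "$SAMPLE" | over_threshold 80 2
```

The SSH and port-8080 clients and the loopback rows are not reported, and the TIME_WAIT row is not counted, which is exactly what the original `netstat -ntu | awk '{print $5}'` pipeline gets wrong.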