nicholas/showcase
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update with webabuse.pl details

Browse Source
This commit is contained in:
nicholasmanios
2020-03-18 16:05:32 -04:00
parent 45ff427c82
commit 59a88e59e2
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
aries/firewall/README.md
View File

@@ -14,4 +14,8 @@ Currently pf manages connecting the routes to and from the OpenVPN network (`10.
There are plans in the future to incorporate IP blocking of spammers in pf. This should be moved to the firewall of hermes so that aries does not lose the definition of _router replacement_.
## Abusive IP Blocklist
You may notice `BLOCKTEMP` and `BLOCKPERM` tables. These tables are used to block abusive hosts. The abusive hosts are determined from the number of bad requests to my web server. If an IP has > 10 4xx/5xx responses with a 24 hour period it gets added to the `BLOCKTEMP` table.
You may notice `BLOCKTEMP` and `BLOCKPERM` tables. These tables are used to block abusive hosts. The abusive hosts are determined from the number of bad requests to my web server. If an IP has > 10 4xx/5xx responses with a 24 hour period it gets added to the `BLOCKTEMP` table.
You can see the code in the `webabuse.pl` file. I've added the `system("/bin/sh", "/usr/local/etc/email_abusive_ip_logs.sh", "$ip_ext");` line so that I can get an emailed report whenever an IP is added to the blocklist.
Note that the blocklist is cleared when the firewall or server is restarted.