判断一分钟ip访问界面的次数,如果超出一定的次数,那就屏蔽异常ip

    1. #!/bin/bash
    2. DATE=$(date +%d/%b/%Y:%H:%M)
    3. #nginx日志
    4. LOG_FILE=/usr/local/nginx/logs/demo2.access.log
    5. #分析ip的访问情况
    6. ABNORMAL_IP=$(tail -n5000 $LOG_FILE |grep $DATE |awk '{a[$1]++}END{for(i in a)if(a[i]>10)print i}')
    7. for IP in $ABNORMAL_IP; do
    8.     if [ $(iptables -vnL |grep -c "$IP") -eq 0 ]; then
    9.         iptables -I INPUT -s $IP -j DROP
    10.         echo "$(date +'%F_%T') $IP" >> /tmp/drop_ip.log
    11.     fi
    12. done