#!/bin/bash
#by jack
 
tail -50000 /apps/logs/haproxy/haproxy.log |grep api_backend|awk -F":" '{ print $4}'| sort | uniq -c | sort -k1,1 -rn | head -10 /tmp/connet
#tail -150000 /apps/logs/haproxy/haproxy.log |grep api_backend|awk -F":" '{ print $4}'| sort | uniq -c | sort -k1,1 -rn | head -n 10 > /tmp/connet
 
echo ''> /tmp/blockip
while read IP
do
count=`echo "$IP"|awk -F" " '{print $1}'`
address=`echo "$IP"|awk -F" " '{print $2}'`
    if "$count" -gt 500 ];then
    echo `date` >> /apps/logs/haproxy/connect.log
    echo "count     ip" >> /apps/logs/haproxy/connect.log
    echo "$IP" >> /apps/logs/haproxy/connect.log
    iptables -INPUT  -"$address" -j DROP
    echo "iptables -D INPUT  -s "$address" -j DROP" >> /tmp/blockip
    fi
 
done < /tmp/connet
 
sleep 300
 
while read blockip
do
$blockip
echo clean iptables rule
done < /tmp/blockip