防止DoS攻击(检测nginx日志,若某个IP短时间内的PV过大,则使用防火墙将其封禁)
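#!/bin/bash
# Ban clients that appear too often in today's nginx access log.
#
# Counts today's requests per client in ./access.log, writes the ten busiest
# clients to ./18.txt as "address count" lines, prints that report, and adds a
# firewalld rich rule dropping IPv4 traffic from every listed client whose
# count is above the threshold.
#
# NOTE(review): the count covers the whole current day, not a sliding window,
# and only the ten busiest clients are considered per run.
# NOTE(review): there is no allowlist and nothing here removes a ban, so a NAT
# gateway, reverse proxy or monitoring host that crosses the threshold stays
# blocked until the rule is removed by hand.
set -u

readonly log_file='access.log'
readonly report_file='18.txt'
readonly max_hits=49   # a client is banned when its count is greater than this

# Dotted-quad with every octet in 0-255.
readonly ipv4_re='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'

if [[ ! -r "$log_file" ]]; then
  printf 'cannot read %s\n' "$log_file" >&2
  exit 1
fi

# Today's date in the dd/Mon/yyyy form matched against field 4 of the log.
# LC_ALL=C keeps the month abbreviation in English whatever the system locale
# is, and %d is zero-padded: an unpadded "2/Jan/2006" would also match the
# entries of 12/Jan and 22/Jan.
today=$(LC_ALL=C date +%d/%b/%Y) || exit 1

# The date is handed to awk as data (-v) and compared as a plain substring,
# so nothing from the shell is spliced into the awk program or into a regex.
awk -v day="$today" '
  index($4, day) { hits[$1]++ }
  END { for (addr in hits) print addr, hits[addr] }
' "$log_file" | sort -rnk2 | head -n 10 > "$report_file"

cat -- "$report_file"

status=0
while read -r addr hits _; do
  # Ignore blank or malformed report lines instead of failing the comparison.
  [[ "$hits" =~ ^[0-9]+$ ]] || continue
  (( 10#$hits > max_hits )) || continue

  # The address comes from a log file and is interpolated into a firewall
  # rule declared family=ipv4, so only a well-formed IPv4 address is accepted.
  # presumably field 1 is the peer address; verify against the log_format.
  if [[ ! "$addr" =~ $ipv4_re ]]; then
    printf 'skipping non-IPv4 client field: %q\n' "$addr" >&2
    continue
  fi

  rule="rule family=ipv4 source address=${addr} drop"

  # --permanent only writes the stored configuration; it does not change the
  # running firewall. Add the rule to the runtime configuration as well so the
  # ban takes effect now and also survives a reload or reboot.
  if ! firewall-cmd --add-rich-rule="$rule"; then
    printf 'failed to add runtime rule for %s\n' "$addr" >&2
    status=1
  fi
  if ! firewall-cmd --permanent --add-rich-rule="$rule"; then
    printf 'failed to add permanent rule for %s\n' "$addr" >&2
    status=1
  fi
done < "$report_file"

exit "$status"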