[SAC] ProjectsVM Upgrade Problem
Martin Spott
Martin.Spott at mgras.net
Thu Feb 9 12:52:01 EST 2012
On Thu, Feb 09, 2012 at 06:19:13PM +0100, Martin Spott wrote:
> Blocking ranges always carries the risk of throwing the baby out with
> the bath water. What about blocking all hosts trying to HTTP GET any
> URL matching "\ \"GET http://" from the server where the following host
> name is none of the virtual hosts ?
Just an ugly hack for demonstrating what I was having in mind - don't
use this in production .... !!
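#!/bin/bash
#
# Print (not execute) iptables rules for clients that sent proxy-style
# "GET http://..." requests for a host that does not resolve to this server.
LOGFILE=${1}
NETSTAT=/bin/netstat
IFCONFIG=/sbin/ifconfig
IPTABLES=/sbin/iptables
# Interface of the first route whose gateway column is 0.0.0.0.
INTERFACE=`${NETSTAT} -rn | awk '{print $2, $8}' | grep \^"0.0.0.0" | awk '{print $2}' | head -n 1`
# IPv4 address of that interface ("inet addr:a.b.c.d" style ifconfig output).
MYIP=`${IFCONFIG} ${INTERFACE} | egrep -i " inet .*ad*r" | awk '{print $2}' | cut -f 2 -d \:`
# One "client#url" entry per distinct client / requested URL pair.
for ENEMY in `egrep "\ \"GET http://" ${LOGFILE} | awk '{print $1 "#" $7}' | sort | uniq`; do
    # Client address ($1 of the log line): this is the host to block.
    CLIENT=`echo ${ENEMY} | cut -f 1 -d \#`
    # Host part of the requested URL, without an optional :port.
    REMOTEHOST=`echo ${ENEMY} | cut -f 2 -d \# | cut -f 3 -d \/ | cut -f 1 -d \:`
    # First A record only; other lines of host(1) output are ignored.
    REMOTEIP=`host ${REMOTEHOST} | awk '/has address/ {print $4; exit}'`
    if [ "${REMOTEIP}" != "${MYIP}" ]; then
        echo "${IPTABLES} -I INPUT -j REJECT -i ${INTERFACE} -s ${CLIENT}"
    fi
done
# EOF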
Have fun,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
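
Added example, not part of the original message or its script: the check described in the quoted text, done against an explicit list of virtual host names instead of a DNS lookup, so it runs offline. The function name proxy_probe_clients, the vhost names and the log lines are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG='203.0.113.7 - - [09/Feb/2012:12:00:01 +0100] "GET http://www.example.net/ HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [09/Feb/2012:12:00:02 +0100] "GET http://check.example.org:8080/judge.php HTTP/1.0" 404 210 "-" "-"
198.51.100.23 - - [09/Feb/2012:12:00:05 +0100] "GET http://projects.example.test/index.html HTTP/1.1" 200 1043 "-" "-"
198.51.100.23 - - [09/Feb/2012:12:00:06 +0100] "GET /trac/ HTTP/1.1" 200 2048 "-" "-"
192.0.2.99 - - [09/Feb/2012:12:00:09 +0100] "GET HTTP://WWW.Example.Test:80/ HTTP/1.1" 200 99 "-" "-"
192.0.2.50 - - [09/Feb/2012:12:00:11 +0100] "GET http://other.example.com/ HTTP/1.1" 403 0 "-" "-"'

# Usage: proxy_probe_clients VHOST... < access.log
# Prints "client_ip hit_count" for every client that sent an absolute-URI
# GET whose host is not one of the listed virtual hosts.
proxy_probe_clients() {
    awk -v vhosts="$*" '
        BEGIN {
            # Build a case-insensitive lookup table of our own host names.
            n = split(tolower(vhosts), v, " ")
            for (i = 1; i <= n; i++) own[v[i]] = 1
        }
        # $6 is the quoted method ("GET), $7 the request target.
        $6 == "\"GET" && tolower($7) ~ "^http://" {
            host = tolower($7)
            sub("^http://", "", host)   # drop the scheme
            sub("[/?#].*$", "", host)   # drop path, query and fragment
            sub("^.*@", "", host)       # drop userinfo, if present
            sub(":[0-9]*$", "", host)   # drop the port
            if (!(host in own)) hits[$1]++
        }
        END { for (ip in hits) print ip, hits[ip] }
    ' | LC_ALL=C sort
}

# Report only; turning the list into firewall rules is left to the operator.
printf '%s\n' "$SAMPLE_LOG" | proxy_probe_clients projects.example.test www.example.test
```

Requests for the server's own names in absolute-URI form (with a port or in mixed case) are not counted, which is the case the range-blocking approach would get wrong.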