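#!/bin/sh
# Rotate the varnish access log. Intended to run once a day (e.g. from cron).
#
# Steps: sync the clock, rename the live log to a date-stamped file, then make
# varnishncsa continue writing to a fresh varnish.log.
#
# The shebang must stand alone on the first line: text after the interpreter
# path is handed to /bin/sh as an argument, so a trailing comment there breaks
# direct execution of the script.

# Best-effort clock sync so the date stamp matches the log timestamps.
# NOTE(review): a one-shot ntpdate against a single hard-coded server is
# unauthenticated; confirm this is acceptable or use the host's time service.
/usr/sbin/ntpdate 202.112.10.36 >> /dev/null

logpath=/Data/logs

if [ -f "$logpath/varnish.log" ]; then
  rotated="$logpath/varnish.$(date '+%Y-%m-%d').log"

  # Never clobber an already rotated file: a second run on the same day would
  # otherwise silently destroy that day's access log.
  if [ -e "$rotated" ]; then
    echo "varnish log rotation: $rotated already exists, not overwriting" >&2
    exit 1
  fi

  mv -- "$logpath/varnish.log" "$rotated" || exit 1

  # varnishncsa reopens its -w file on SIGHUP, so the running logger keeps its
  # buffered lines and switches to a new varnish.log. SIGKILL (the previous
  # approach) gives it no chance to flush and loses requests between the kill
  # and the restart.
  # NOTE(review): assumes the running varnishncsa was started with the same
  # -w path as below -- confirm.
  if ! killall -HUP varnishncsa 2>/dev/null; then
    # No logger was running: start one in the background.
    /usr/bin/varnishncsa -n /var/lib/varnish/varnish01.example.com/ -w "$logpath/varnish.log" &
  fi
fi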
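#!/bin/sh
# Anti-CC / crawler throttle driven by the varnish access log.
#
# Runs as an endless loop. Each pass scans varnish.log for the last hour, finds
# client addresses that received more than $num responses with a 4xx status,
# drops their traffic to TCP port 80, sleeps one hour, then lifts the blocks.
#
# NOTE(review): field positions ($1 client, $4 timestamp, $9 status) assume the
# default NCSA format written by varnishncsa and timestamps in local time --
# confirm against the actual log. A request line containing extra spaces shifts
# the fields; such lines are simply not counted because $9 will not be a 4xx
# status.
# NOTE(review): blocking by source address also hits every user behind a shared
# NAT or proxy, and if varnish sits behind a load balancer $1 is the balancer.
# Consider an allow-list for known-good addresses before deploying.

num=100                               # 4xx responses per hour tolerated per client
varnishlog="/Data/logs/varnish.log"   # live access log written by varnishncsa
chain=CC_BLOCK                        # dedicated chain holding only our DROP rules

# Keep the blocks in their own chain so that lifting them never touches the
# rest of the firewall. The previous "iptables -F" flushed every rule in the
# filter table once an hour, removing unrelated protections as well.
iptables -N "$chain" 2>/dev/null || iptables -F "$chain"
# Re-create the jump so that restarting the script does not stack duplicates.
iptables -D INPUT -p tcp --dport 80 -j "$chain" 2>/dev/null
iptables -I INPUT -p tcp --dport 80 -j "$chain"

while true; do
  # Cut-off one hour ago, in the same day/time layout the log uses. Comparing
  # the day as well as the time of day keeps the window correct across
  # midnight, where a time-only comparison matches nothing for an hour.
  since=$(LC_ALL=C date -d '-60 minute' '+%d/%b/%Y %H:%M:%S')
  today=$(LC_ALL=C date '+%d/%b/%Y')

  awk -v since="$since" -v today="$today" -v limit="$num" '
    BEGIN { split(since, s, " ") }
    {
      day = substr($4, 2, 11)         # dd/Mon/yyyy
      tod = substr($4, 14)            # HH:MM:SS
      recent = (day == s[1]) ? (tod > s[2]) : (day == today)
    }
    # Only count well-formed IPv4 literals: the value comes from the log and is
    # later passed to iptables -s, which would otherwise try to resolve names.
    recent && $9 ~ /^4[0-9][0-9]$/ &&
      $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] > limit) print ip }
  ' "$varnishlog" |
  while IFS= read -r ip; do
    # The jump into this chain already matched tcp/80.
    iptables -A "$chain" -s "$ip" -j DROP
  done

  sleep 3600                          # keep the blocks for one hour
  iptables -F "$chain"                # lift only the blocks this script added
done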
本文出自 “Crazy_Linux” 博客,请务必保留此出处http://mkernel.blog.51cto.com/8015041/1433141
原文地址:http://mkernel.blog.51cto.com/8015041/1433141