• 实时从 httpd 的 access_log 日志读取访问 IP 和根路径,不在白名单内就用 iptables 封堵(下文的实现实际是通过 mod_lua 的 LuaHookFixups 钩子读取请求对象,并调用 firewall-cmd 添加封堵规则)


    参考链接
    http://www.jsutp.com/.%2fmanual/mod/mod_lua.html#luahookfixups

    #vim /etc/httpd/conf/httpd.conf
    LoadModule lua_module modules/mod_lua.so
    LuaHookFixups /etc/httpd/lua/ip2blacklist.lua ip2blacklist
    
    -- /etc/httpd/lua/ip2blacklist.lua --
    
    require 'apache2'
    
    
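    -- Accept only a dotted-quad IPv4 literal whose four octets are each 0..255.
    local function is_ipv4_literal(addr)
        if type(addr) ~= "string" then
            return false
        end
        local o1, o2, o3, o4 =
            addr:match("^(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)$")
        if not o1 then
            return false
        end
        for _, octet in ipairs({o1, o2, o3, o4}) do
            if tonumber(octet) > 255 then
                return false
            end
        end
        return true
    end

    --- LuaHookFixups handler: block clients that request a watched path.
    -- When r.uri equals "/404", "/api" or "/images" and r.useragent_ip is not
    -- yet listed in /var/log/httpd/blacklist.txt, the address is appended to
    -- that file, the action is written to /var/log/httpd/ip2blacklist.log, and
    -- a permanent firewalld drop rule is added and loaded with firewall-cmd.
    -- NOTE(review): the page describes this as "not in the whitelist => block",
    -- but the code blocks addresses that request exactly one of the listed
    -- paths -- confirm which behaviour is intended.
    -- NOTE(review): if the server derives useragent_ip from a forwarded header,
    -- confirm only trusted proxies can set it; otherwise the wrong address may
    -- end up blocked.
    -- @param r mod_lua request object; reads r.uri, r.useragent_ip, r.method
    -- @return apache2.OK in every case; the current request is never rejected here
    function ip2blacklist(r)
        local tbl = {'404', 'api', 'images'}

        -- Only an exact match on one of the watched root paths triggers a block.
        local matched = false
        for _, v in ipairs(tbl) do
            if "/" .. v == r.uri then
                matched = true
                break
            end
        end
        if not matched then
            return apache2.OK
        end

        -- The address is spliced into a command line that os.execute hands to
        -- the shell under sudo, so nothing but a strict IPv4 literal may reach
        -- it. The rich rule is also hard-coded to family=ipv4, so any other
        -- address form could not produce a valid rule anyway.
        local ip = r.useragent_ip
        if not is_ipv4_literal(ip) then
            return apache2.OK
        end

        local cmd = "sudo firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=" .. ip .. " drop'"
        local cmd_reload = "sudo firewall-cmd --reload"

        -- Open for reading and appending; skip quietly if the file is not
        -- accessible instead of raising inside the request hook.
        local blacklistFile = "/var/log/httpd/blacklist.txt"
        local blacklist = io.open(blacklistFile, "a+")
        if not blacklist then
            return apache2.OK
        end

        -- lines() already strips "\n"; drop a trailing "\r" so a file saved
        -- with CRLF line endings still matches.
        local hasIp = false
        for line in blacklist:lines() do
            if string.gsub(line, "\r$", "") == ip then
                hasIp = true
                break
            end
        end

        if not hasIp then
            -- Audit log of every block decision and the exact commands run.
            local f = io.open("/var/log/httpd/ip2blacklist.log", "a+")
            if f then
                blacklist:write(ip .. "\n")
                f:write("ip2blacklist===" .. ip .. " " .. r.method .." " .. r.uri .."\n")
                f:write("cmd===" .. cmd .."\n")
                f:write("cmd_reload===" .. cmd_reload .. "\n")
                f:close()
                -- Runs synchronously inside the request, once per new address.
                -- Presumably the httpd user has passwordless sudo for this;
                -- keep that sudoers entry limited to these firewall-cmd calls.
                -- NOTE(review): the address is recorded before the commands
                -- run, so a failed firewall-cmd is not retried later.
                os.execute(cmd)
                os.execute(cmd_reload)
            end
        end
        blacklist:close()

        return apache2.OK
    end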
    
    
    -- 遍历数组
    --- Linear membership test over the sequence part of a table.
    -- @param value value to look for (compared with ==)
    -- @param tbl   array-like table; traversal stops at the first nil
    -- @return true if some element equals value, false otherwise
    function IsInTable(value, tbl)
        local found = false
        for _, item in ipairs(tbl) do
            if item == value then
                found = true
                break
            end
        end
        return found
    end 
    

    还有需要改进的地方,再结合实际情况修改吧

  • 原文地址:https://blog.csdn.net/lizhihua0625/article/details/126668966