
Wednesday, June 11, 2014

Script to block IP addresses that have too many connections to port 80


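#!/bin/bash
# Block IPv4 clients that hold more than $limit connections to local port $port.
# Needs root: it edits iptables, signals processes and saves the rule set.
#
# NOTE(review): every TCP state is counted. Half-open (SYN_RECV) entries can
# carry a forged source address, so a third party can end up blocked; count
# only ESTABLISHED connections if that matters on this host.
# NOTE(review): clients behind one NAT gateway, proxy or CDN share an address.
# Add such addresses (and your own admin/monitoring hosts) to the exclusion
# list in the loop before scheduling this script.

ip_address="<server_IP>"  # this server's own address; never blocked
port=80
limit=50

# The candidate list stays in a variable. A fixed name such as
# /tmp/iplist.txt can be pre-created or symlinked by any local user while
# this script runs as root.
#
# Column 4 is the local address and column 5 the foreign one. The local
# address must end in exactly :$port; a plain "grep :80" on column 5 also
# matches :8080 and peers whose own port merely starts with 80. Only dotted
# IPv4 peers are kept, so nothing but a validated address reaches iptables.
# As before, at most the five busiest addresses are handled per run.
offenders=$(
  netstat -ant |
    awk -v port="$port" -v limit="$limit" '
      $1 ~ /^tcp/ && $4 ~ (":" port "$") &&
      $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
        peer = $5
        sub(/:[0-9]+$/, "", peer)
        seen[peer]++
      }
      END {
        for (peer in seen)
          if (seen[peer] > limit) print seen[peer], peer
      }' |
    sort -n | tail -5 | awk '{ print $2 }'
)

while IFS= read -r ip; do
  [ -n "$ip" ] || continue

  # Never block this server, loopback or the wildcard address.
  case "$ip" in
    "$ip_address" | 127.* | 0.0.0.0) continue ;;
  esac

  for chain in INPUT FORWARD; do
    # -I places the DROP ahead of existing ACCEPT rules; a rule appended
    # with -A after "ACCEPT tcp dpt:80" would never match. The -C check
    # avoids stacking duplicates on repeated runs; where -C is unsupported
    # it fails and the rule is simply inserted.
    iptables -C "$chain" -s "$ip" -j DROP 2>/dev/null ||
      iptables -I "$chain" -s "$ip" -j DROP
  done

  # Signal the local processes that own this peer's sockets on $port.
  # The peer is compared as an exact string: "grep $i" treats the dots as
  # wildcards and matches substrings, so 1.2.3.4 would also hit 11.2.3.45
  # and unrelated PIDs. xargs -r skips kill when nothing matched.
  # NOTE(review): this signals the web server worker, not the remote
  # client; on a threaded or event-driven server that worker may be serving
  # other clients too. The DROP rule alone already stops the traffic.
  netstat -antp |
    awk -v port="$port" -v ip="$ip" '
      $1 ~ /^tcp/ && $4 ~ (":" port "$") {
        peer = $5
        sub(/:[0-9]+$/, "", peer)
        if (peer == ip) {
          split($7, owner, "/")
          if (owner[1] ~ /^[0-9]+$/) print owner[1]
        }
      }' |
    sort -u | xargs -r kill
done <<< "$offenders"

# Persist the rule set (RHEL/CentOS style init script).
service iptables save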