使用shell脚本结合iptables防止类CC攻击

#!/bin/bash#script info:#     Analysis access_log.abc log for a certain period of time to visit the suffix: "mp3",#     and more than a certain number of requests an IP address, this IP address to iptables to filter to prevent the attack of CC.cd /usr/local/apache/logs/tail access_log.abc -n 2000 | awk '{print $1,$7}'| grep -E 'mp3$' | awk '{print $1,$2}' | sort | uniq -c | sort -nr | grep -v -E '127.0' | awk '{if($2!=null && $1>50){print $2}}' > drop_ip.txtfor i in `cat drop_ip.txt`doFLAG=0  for ai in `cat drop_ip_all.txt`    do      if [ "$i" = "$ai" ]; then        FLAG=1        break      fi  done  if [ $FLAG -eq 0 ]; then    #echo --new drop ip:$i    #add to iptables    /sbin/iptables -A INPUT -s $i -p tcp --dport 80 -j DROP  fidone#select drop_ip.txt append to drop_ip_all.txtcat drop_ip.txt >> drop_ip_all.txt#drop_ip_all remove repeat ip#cat drop_ip_all.txt | sort | uniq > drop_ip_all.txt