tail
-
50000
/
apps
/
logs
/
haproxy
/
haproxy.log |grep api_backend|awk
-
F
":"
'{ print $4}'
| sort | uniq
-
c | sort
-
k1,
1
-
rn | head
-
n
10
>
/
tmp
/
connet
echo ''>
/
tmp
/
blockip
while
read IP
do
count
=
`echo
"$IP"
|awk
-
F
" "
'{print $1}'
`
address
=
`echo
"$IP"
|awk
-
F
" "
'{print $2}'
`
if
[
"$count"
-
gt
500
];then
echo `date` >>
/
apps
/
logs
/
haproxy
/
connect.log
echo
"count ip"
>>
/
apps
/
logs
/
haproxy
/
connect.log
echo
"$IP"
>>
/
apps
/
logs
/
haproxy
/
connect.log
iptables
-
A
INPUT
-
s
"$address"
-
j DROP
echo
"iptables -D INPUT -s "
$address
" -j DROP"
>>
/
tmp
/
blockip
fi
done <
/
tmp
/
connet
sleep
300
while
read blockip
do
$blockip
echo clean iptables rule
done <
/
tmp
/
blockip