blacklist-nginx

#!/bin/bash
#########################################################################
#  add to nginx.conf:                                                   #
#########################################################################
#  location / {
#           include /etc/nginx/blacklist.txt;
#           ...              
#  }
#########################################################################
#  crontab: */5 * * * * /usr/local/bin/blacklist-nginx &> /dev/null     #
#########################################################################

#########################################################################
###                 edit below this line                              ###
blacklist="/etc/nginx/blacklist.txt" #path to nginx blacklist
logfile="/var/log/nginx/access.log" #path to access log
whitelist="127.0.0.1 127.0.0.2 127.0.0.3" #personal ips
#########################################################################

LANG=C
cmdname=`basename $0`
newtmpdir=`mktemp -d /tmp/${cmdname}.XXXXXX`
buffer=${newtmpdir}/buffer1
buffer2=${newtmpdir}/buffer2
day=`date +%d%y%m`
yesterday=`date -d "yesterday" +%d%y%m`

trap 'cleanup' EXIT
trap 'cleanup' SIGTERM

function cleanup () {
  rm -rf "${newtmpdir}"
}

if [ -e ${newtmpdir}/lock ]
then
	echo "allready running with lockfile ${newtmpdir}/lock";
	exit;
else
	touch ${newtmpdir}/lock
fi

cat ${blacklist} | sort -u > ${buffer};

grep POST ${logfile} | awk '{print$1}' | sort | uniq -c |sort -rn |awk '$1 > 5 {print"deny "$2";"}' >> ${buffer};

grep GET ${logfile} |awk '{print$1}' | sort | uniq -c |sort -rn |awk '$1 > 50 {print"deny "$2";"}' >> ${buffer};

for white in ${whitelist}; 
do 
	cat ${buffer} | grep -v ${white} > ${buffer2}
	cat ${buffer2} > ${buffer} 
done

cat ${buffer} |sort -u > ${blacklist}

bl=`cat ${buffer} |sort -u |wc -l`

echo "blacklisted ${bl} ips!"

/etc/init.d/nginx reload;

cat ${logfile} >> "${logfile}.${day}"
cat /dev/null > ${logfile}
gzip "${logfile}.${yesterday}" &> /dev/null