path: root/apache.txr
author: Kaz Kylheku <kaz@kylheku.com> 2014-06-25 13:22:05 -0700
committer: Kaz Kylheku <kaz@kylheku.com> 2014-06-25 13:22:05 -0700
commit: a18be7b8a613125646ba8c7cdfa0309e96ff9412 (patch)
tree: 10655f9f99d44781c1364076bda515dfbbc58194 /apache.txr
parent: 6f8fe6efc48a90134d972a0b951f3439b9581160 (diff)
Summer 2014 update.
* apache.txr: restructuring of matching rules. Some new intruders listed.
Now also checks HTTP response code to detect accesses to nonexistent pages.
Bugfix: was not calling do-expiry.
* txrban.txr: added code at top of @(do) to easily turn off daemonization
and redirect logging to stdout for debugging.
(*extrainfo*): New global hash.
(report): New optional argument to pass extra info.
(get-info): Function to retrieve the list of extra info for an IP address.
(clear): New function to unban an IP and completely clear its access history.
(ban): Use new sh function instead of open-command. Use new backquote
operator ^ instead of '.
(process-histories): When the recent access history is empty, delete it
from *access-hist* rather than keeping an empty list there. Also delete
the *extrainfo* when this happens.
(do-expiry): Use unban function for unbanning.
(unban): New function.
* utils.txr (m): New pattern function for parsing month name.
(self): New variable to hold the script's own name.
(debug): Send output to *stdlog* instead of *stdout*, so that we now have
syslog logging.
* exim.txr: New file.
* ssh.txr: New file.
* startup.sh: New file.
Diffstat (limited to 'apache.txr')
-rw-r--r-- apache.txr 36
1 files changed, 19 insertions, 17 deletions
diff --git a/apache.txr b/apache.txr
index bb873d4..6793a78 100644
--- a/apache.txr
+++ b/apache.txr
@@ -1,23 +1,25 @@
@(load "txrban")
@(next @(open-tail "/var/log/apache2/www.kylheku.com.log" "r" nil))
-@#(next "/var/log/apache2/www.kylheku.com.log")
@(repeat)
-@ (block badguys)
-@ (all)
-@ip - - [@(n day)/@month/@(n year):@(n hour):@(n min):@(n sec) @nil] "@method @uri @proto/@ver" @err @bytes "@ref" "@agent"
-@ (and)
-@ (cases)
-@ (require (search-regex agent #/Googlebot|bingbot|baidu/))
-@ (fail badguys)
-@ (or)
-@ (require (search-regex agent #/[Bb][Oo][Tt]|[Ss]pider|[Cc]rawler|[Yy]andex/))
-@ (bind points 9)
-@ (or)
-@ (bind points 0)
-@ (end)
+@ (all)
+@ip - - [@(n day)/@(m month)/@(n year):@(n hour):@(n min):@(n sec) @nil] "@method @uri @proto/@ver" @err @bytes "@ref" "@agent"
+@ (and)
+@ (cases)
+@ (require (search-regex agent #/Googlebot|bingbot|baidu/))
+@ (bind points nil)
+@ (or)
+@ (require (search-regex agent #/Ezoom|[Bb][Oo][Tt]|[Ss]pider|[Cc]rawler|[Yy]andex|coccoc/))
+@ (bind points 9)
+@ (or)
+@ (require (not (memqual err '("200" "301" "304"))))
+@ (bind points 1)
+@ (or)
+@ (bind points 0)
@ (end)
-@ (do
- (let ((time (make-time year (month-num month) day hour min sec :auto)))
- (report ip time points)))
@ (end)
+@ (do
+ (let ((time (make-time year month day hour min sec :auto)))
+ (if points
+ (report ip time points)
+ (do-expiry time))))
@(end)
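Review bot: the new status-code case `(require (not (memqual err '("200" "301" "304"))))` scores a point for every response outside that three-value whitelist, so ordinary 302 redirects, 206 partial-content replies and 401/403 responses are penalised alongside the 404s that the commit message ("accesses to nonexistent pages") says this is meant to catch; if missing pages are the target, test the code directly (e.g. `(require (equal err "404"))`, or a 4xx prefix match), or at least extend the whitelist with 302 and 206, and consider renaming `err`, which holds the HTTP status code rather than an error. Separately, in the new `@ (do ...)` block `(do-expiry time)` is reached only when `points` is nil, i.e. on Googlebot/bingbot/baidu hits, so unless `report` also drives expiry, bans will not lapse during stretches with no whitelisted-crawler traffic; calling do-expiry unconditionally before the `if` and keeping `report` inside it would decouple ban expiry from crawler activity.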