A shell blocking ips running in crontab every minute via reading nginx log

blockip.sh

#!/bin/sh

log_path=/path/to/nginx/log
debug_log_path=/path/to/debug/log
tmp_file=/tmp/blockiplog.tmp
tmp_ipfile=/tmp/blockip.tmp
# don't block these ips
safe_ip=""
# don't block these user agents
safe_ua="google|yahoo|baiduspider|bingbot|FeedSky|sogou|360Spider|JikeSpider|YoudaoBot"

threshold=100

already_block=`/sbin/iptables -nL DICK_BLOCKIP|grep "^DROP"|awk '{print $4}'`

[ -f ${log_path} ] || { echo "Log file not exists" ;exit 1; }

grep `date +'\[%d/%b/%Y:%H:%M' --date="-1 minute"` ${log_path}|egrep -vi "${safe_ua}" > ${tmp_file}

if [ `/sbin/iptables -L DICK_BLOCKIP 2>&1 |grep -c 'No chain'` = 1 ]; then
    /sbin/iptables -N DICK_BLOCKIP
    /sbin/iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j DICK_BLOCKIP
fi

awk -vnvar="$threshold" '{a[$1]++}END{for (j in a) if(a[j]>nvar) print a[j],j}' ${tmp_file}|sort -rn > ${tmp_ipfile} 

# don't allow HEAD http method
grep '"HEAD ' ${tmp_file}|awk '{print $1}'|sort|uniq -c|sort -rn >> ${tmp_ipfile}

i=0
while read line
do
    echo $line >> ${debug_log_path}
    k=`echo $line|awk '{print $2}'`
    for j in ${all_ip[*]};do
        if [ "$j" = "$k" ]; then
            continue 2;
        fi
    done
    all_ip[$i]=$k
    i=$(($i+1))
done < ${tmp_ipfile}

if [ ${#all_ip[*]} = 0 ]; then
    echo "None IP " >> ${debug_log_path};
    exit 1;
fi

for i in ${all_ip[*]}
do
    for j in ${safe_ip};do
        if [ "$j" = "$i" ]; then
            echo "Safe ip ${i}" >> ${debug_log_path}
            continue 2;
        fi
    done
    for j in ${already_block};do
        if [ "$j" = "$i" ]; then
            echo "Blocked ip ${i}" >> ${debug_log_path}
            continue 2;
        fi
    done
    echo "BLOCK $i `date` " >> ${debug_log_path};
    /sbin/iptables -I DICK_BLOCKIP -p tcp --dport 80 -s $i -j DROP
done