Block IP address for certain time period

Sukhjinder Singh asked:

I have created a PHP script which generally counts how many times an IP address accessed our site more than x number of times within 1 minute.

Afterwards I created a shell script to ban those IP addresses from accessing port 80 which exceeded x number of hit count.

which is as follows:

#!/bin/sh
BLOCKDB=/tmp/ip.blocked
# Read the block list, skipping comment lines.
IPS=$(grep -Ev "^#" "$BLOCKDB")
echo "$IPS"
for i in $IPS
do
  # Drop TCP traffic to port 80 from this address.
  /sbin/iptables -A INPUT -p tcp --destination-port 80 -s "$i" -j DROP
  echo "Block ALL INPUT from $i net DROPPED."
done
# Save and reload the rule set once, after the loop, instead of on every iteration.
/sbin/service iptables save
/sbin/service iptables restart

What is required

  1. I would like to ban these IP addresses for a certain time period, say for 1 day (86400 seconds) or more; after that it again opens port 80 for them?
  2. How can I send mail to myself, i.e. x number of IP addresses banned from accessing foo.com?
  3. Is there any way my script can be enhanced, so that it will read only those IP addresses from /tmp/ip.blocked which are not already banned via the script (iptables)?

Please advise.

My answer:


The usual answer is fail2ban. You may have to customize it a bit in order to read your web access logs.
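An added example (not part of the original answer) of the fail2ban configuration that covers the three requirements: a filter that counts every request from a client in the web access log, and a jail that bans a host after more than N hits within 60 seconds, keeps the ban for 86400 seconds, and mails a report per ban. The filter name, log path, threshold and e-mail addresses are assumed; fail2ban keeps its own ban table, so the "already banned" bookkeeping from the script is no longer needed.

```ini
# /etc/fail2ban/filter.d/http-flood.conf   (assumed file name)
[Definition]
# Match every request line of a combined-format access log. <HOST> is
# fail2ban's placeholder for the client address; each hit counts as one "failure".
failregex = ^<HOST> -.*"(GET|POST|HEAD) .*$
ignoreregex =

# /etc/fail2ban/jail.local
[http-flood]
enabled   = true
filter    = http-flood
# Access log to watch and port to block (assumed path).
logpath   = /var/log/httpd/access_log
port      = http
# Ban when a host makes more than 300 requests within 60 seconds (assumed threshold).
findtime  = 60
maxretry  = 300
# Unban automatically after one day (requirement 1).
bantime   = 86400
# iptables DROP on the port plus an e-mail with whois and the matching log lines
# (requirement 2); addresses are assumed.
action    = %(action_mwl)s
destemail = admin@foo.com
sender    = fail2ban@foo.com
mta       = sendmail
```

Check the filter against the real log before enabling the jail with `fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/http-flood.conf`; the mail is sent per banned address rather than as one aggregate count.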


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.