NAME
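App::Waf - A sample Web Application Firewall that analyzes web logs for illegal access attempts in real time, summarizes the source IPs and other types of information, and uses this information to ban offenders with iptables.
It parses web access logs, counts illegal accesses in real time, and works together with a firewall (and similar tools) to provide active defense.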
VERSION
Version 0.04
SYNOPSIS
Perhaps a little code snippet.
EXPORT
Example
    use App::Waf;

    my $filename = "example.acess";   # log file
    my $numlines = 50000;             # number of lines to process, read from the end of the file
    my $line = tail($filename, $numlines);
    my ($log, $zcount, $zip, $zrequrl, $zstatus, $siteurl) = initCount($line);

    print "==============Attack Summary ==================\n";
    print "\nThe total attack count: $zcount \n";
    print "\nThe count from source IP: \n\n";
    print "$_\=> $zip->{$_} \n" for (sort keys %{$zip});
    print "The count From request Url: \n\n";
    print "$_\=> $zrequrl->{$_} \n" for (sort keys %{$zrequrl});
    print "\n\nThe count From Http Status: \n\n";
    print "$_\=> $zstatus->{$_} \n" for (sort keys %{$zstatus});
    print "\n\nThe count From Site Url: \n\n";
    print "$_\=> $siteurl->{$_} \n" for (sort keys %{$siteurl});
An example of banning IPs in real time by combining nginx and iptables (example/banip.pl)
Add it to crontab so that it runs every 5 minutes.
    echo "*/5 * * * * perl $dir/banip.pl >> bianip.logs 2>&1 " >> /var/spool/cron/root
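The following is an added example, not part of App::Waf or its example/banip.pl: one way to turn per-IP counts shaped like the $zip hash above into iptables rules. The threshold, the never-ban list and the sample data are assumptions constructed for illustration; each key is validated as an IPv4 address first, because it originates from log text.

```perl
use strict;
use warnings;

# Constructed sample shaped like the $zip hash reference printed in the
# example above (source IP => attack count). Depending on the log format,
# the source field may carry client-supplied text, so keys are untrusted.
my $zip = {
    '203.0.113.7'      => 42,
    '198.51.100.23'    => 3,
    '127.0.0.1'        => 90,
    '192.0.2.9; extra' => 77,
    '300.1.1.1'        => 15,
};
my $threshold = 10;                          # hypothetical cut-off
my %allow = map { $_ => 1 } ('127.0.0.1');   # hypothetical never-ban list

# Accept only a strict dotted-quad IPv4 address with each octet in 0..255.
sub is_ipv4 {
    my ($ip) = @_;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/ or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Return one iptables argument list per source that should be banned.
sub ban_commands {
    my ($counts, $min, $allow) = @_;
    my @cmds;
    for my $ip (sort keys %$counts) {
        next if $counts->{$ip} < $min;       # below the threshold
        next if $allow->{$ip};               # protected address
        unless (is_ipv4($ip)) {
            (my $safe = $ip) =~ s/[^\x21-\x7e]/?/g;   # keep the warning printable
            warn "skipping malformed source: $safe\n";
            next;
        }
        push @cmds, [ 'iptables', '-I', 'INPUT', '-s', $ip, '-j', 'DROP' ];
    }
    return @cmds;
}

# Printed for review only. To apply, run each list as system(@$cmd): the list
# form passes the arguments to iptables directly, without a shell.
print join(' ', @$_), "\n" for ban_commands($zip, $threshold, \%allow);
```

A never-ban list containing the monitoring hosts and your own management addresses keeps a burst of flagged requests from locking out administrators.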
SUBROUTINES/METHODS
AUTHOR
ORANGE, <bollwarm at ijz.me>
BUGS
Please report any bugs or feature requests to bug-app-waf at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=App-Waf. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
    perldoc App::Waf
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
Search CPAN
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
Copyright 2016 ORANGE.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.