App::Waf - A sample Web Application Firewall. It analyzes web logs for illegal attempts in real time and summarizes the source IPs and other types of information, which can then be used to ban offenders with iptables.

It parses web access logs, counts illegal access attempts in real time, and works with a firewall or similar tool for active defense.

VERSION

Version 0.05

SYNOPSIS

Perhaps a little code snippet.

EXPORT

Example

use App::Waf;
my $filename = "example.acess"; # log file
my $numlines  = 50000; # number of lines to process, read from the end of the file
my $line = tail($filename, $numlines);
my ($log,$zcount,$zip,$zrequrl,$zstatus,$siteurl) = initCount($line);
print "==============Attack Summary ==================\n";
print "\nThe total attack count: $zcount \n";
print "\nThe count from source IP:  \n\n";
print "$_\=> $zip->{$_} \n" for(sort  keys %{$zip});
print "The count From request Url:  \n\n";
print "$_\=> $zrequrl->{$_} \n" for(sort keys %{$zrequrl});
print "\n\nThe count From Http Status:  \n\n";
print "$_\=> $zstatus->{$_} \n" for(sort keys %{$zstatus});
print "\n\nThe count From Site Url:  \n\n";
print "$_\=> $siteurl->{$_} \n" for(sort keys %{$siteurl});

Example of real-time IP banning with nginx and iptables (example/banip.pl)

Add it to crontab to run every 5 minutes.

echo "*/5 * * * * perl $dir/banip.pl >> bianip.logs 2>&1 " >> /var/spool/cron/root
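
The count-then-ban flow described above, as an added example (not the module's own code and not example/banip.pl). The signature list, the threshold of 3, the function names and the sample log lines are assumptions made for illustration; the nginx "combined" log format is assumed.

```perl
use strict;
use warnings;

# Constructed sample lines in nginx "combined" format (not real traffic).
my @lines = (
    '203.0.113.7 - - [10/Oct/2016:13:55:36 +0800] "GET /index.php?id=1%20union%20select%201,2 HTTP/1.1" 200 512 "-" "curl/7.47"',
    '203.0.113.7 - - [10/Oct/2016:13:55:37 +0800] "GET /download?file=../../etc/passwd HTTP/1.1" 404 162 "-" "curl/7.47"',
    '203.0.113.7 - - [10/Oct/2016:13:55:38 +0800] "GET /search?q=%3Cscript%3Ealert(1) HTTP/1.1" 200 900 "-" "curl/7.47"',
    '198.51.100.23 - - [10/Oct/2016:13:56:01 +0800] "GET /a.php?id=2+UNION+SELECT+3 HTTP/1.1" 403 162 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2016:13:56:05 +0800] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
);

# Assumed signatures for illustration; App::Waf's own rule set is not shown on this page.
my @rules = (qr/union(?:\s|%20|\+)+select/i, qr{\.\./|%2e%2e%2f}i, qr/<script|%3Cscript/i, qr{/etc/passwd}i);
my $threshold = 3;    # assumed: ban a source after this many matching requests

sub count_attacks {
    my (@log) = @_;
    my (%ip, %url, %status);
    my $total = 0;
    for my $l (@log) {
        # Extract client IP, request target and HTTP status; skip unparsable lines.
        my ($src, $req, $code) = $l =~ m{^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) } or next;
        next unless grep { $req =~ $_ } @rules;
        $total++; $ip{$src}++; $url{$req}++; $status{$code}++;
    }
    return ($total, \%ip, \%url, \%status);
}

sub ban_commands {
    my ($ip_count) = @_;
    my @cmds;
    for my $src (sort keys %$ip_count) {
        next if $ip_count->{$src} < $threshold;
        # Log fields can be attacker-influenced (e.g. a logged X-Forwarded-For): accept only a strict IPv4 address.
        next unless $src =~ /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;
        push @cmds, [qw(iptables -I INPUT -s), $src, qw(-j DROP)];
    }
    return @cmds;
}

my ($total, $ip, $url, $status) = count_attacks(@lines);
print "total attacks: $total\n";
print "$_ => $ip->{$_}\n" for sort keys %$ip;
# Dry run: print the argument lists. A live run would call system(@$_) in list form, which bypasses the shell.
print join(' ', @$_), "\n" for ban_commands($ip);
```

Before running bans from cron, exclude your own addresses (load balancers, monitoring hosts, office egress IPs) so that a matching request relayed through them cannot lock out legitimate traffic.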

SUBROUTINES/METHODS

tail

IN: $logfile, $count; OUT: returns the latest $count lines of $logfile.

initCount

IN: the content to check and count. OUT: the count results for all types.

AUTHOR

ORANGE, <bollwarm at ijz.me>

BUGS

Please report any bugs or feature requests to bug-app-waf at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=App-Waf. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc App::Waf

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2016 ORANGE.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.