

#!/bin/sh
# http-ban: keep a pf table in sync with misbehaving HTTP clients.
# Client addresses whose 3xx/4xx/5xx response counts in the httpd access
# logs reach the configured limits are added to the table; addresses already
# in the table that no longer reach any limit are removed again. Reading the
# logs and driving pfctl both go through doas. Tunables are the HTTPBAN_*
# variables below.
# Tunables, overridable from the environment.
#   HTTPBAN_WHITELIST  space-separated grep patterns for addresses that are
#                      never banned
#   HTTPBAN_LIMIT_*    number of responses in that status class at or above
#                      which a client is banned
#   HTTPBAN_TABLE      name of the pf table
HTTPBAN_WHITELIST=${HTTPBAN_WHITELIST:-127.0.0.1}
HTTPBAN_LIMIT_500=${HTTPBAN_LIMIT_500:-10}
HTTPBAN_LIMIT_400=${HTTPBAN_LIMIT_400:-10}
HTTPBAN_LIMIT_300=${HTTPBAN_LIMIT_300:-10}
HTTPBAN_TABLE=${HTTPBAN_TABLE:-httpban}
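# Thin wrappers around the logger and the privileged pf table operations.
# Defined as functions rather than aliases so they behave the same in any
# POSIX sh, not only where alias expansion is active for scripts.
# NOTE(review): the table name is hard-coded as "players" while
# HTTPBAN_TABLE (default "httpban") is set above but never read -
# confirm which one is intended.
log()   { logger -st http-ban "$@"; }
show()  { doas /sbin/pfctl -t players -T show; }
# ban/grace take the address list on stdin (-f-), one address per line
ban()   { doas /sbin/pfctl -t players -T add -f-; }
grace() { doas /sbin/pfctl -t players -T delete -f-; }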
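# Filter functions: read access-log lines on stdin and print "count IP" for
# every client ($2) whose response status ($(NF-1)) falls in the class.
# The three public filters share one helper instead of repeating the awk
# program; lo is inclusive, hi exclusive.
in_status_class() {
	awk -v lo="$1" -v hi="$2" '$(NF-1) >= lo && $(NF-1) < hi { print $2 }' |
		sort | uniq -c
}

IN_300_HOSTS() {
	in_status_class 300 400
}

IN_400_HOSTS() {
	in_status_class 400 500
}

IN_500_HOSTS() {
	in_status_class 500 600
}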
# Our local logs: the live access log followed by every rotated, compressed
# one. Reading goes through doas because the log directory is privileged.
access() {
# zcat's stderr is dropped on purpose: with no rotated logs yet the glob
# stays unexpanded and zcat complains about a missing file.
doas /bin/cat /var/www/logs/access.log
doas /usr/bin/zcat /var/www/logs/access.log.*gz 2>/dev/null
}
# Keep only the address ($2) of "count IP" lines whose count ($1) is at or
# above the threshold passed as $1 (default 10).
limit() {
	awk -v trig="${1:-10}" '$1 >= trig { print $2 }'
}
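# Print, one per line and sorted/unique, every client address that reached
# one of the three limits in the access logs, minus the whitelist.
# shellcheck disable=SC2086,SC2046
block() {
	# Turn the whitelist into grep arguments: "-e ADDR -e ADDR ...".
	# The unquoted expansions are deliberate: word splitting builds the list.
	set -- $HTTPBAN_WHITELIST
	set -- $(for ip; do printf -- '-e %s ' "$ip"; done)
	{
		access | IN_500_HOSTS | limit "$HTTPBAN_LIMIT_500"
		access | IN_400_HOSTS | limit "$HTTPBAN_LIMIT_400"
		access | IN_300_HOSTS | limit "$HTTPBAN_LIMIT_300"
	} | sort -u | {
		# -x anchors every whitelist pattern to the whole line, so an entry
		# such as 127.0.0.1 no longer also exempts 127.0.0.10 or 1127.0.0.1.
		# An empty whitelist leaves grep with no pattern, hence the cat branch.
		if test -n "$*"; then grep -vx "$@"; else cat; fi
	}
}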
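# Scratch files are created 0640 (umask 127).
umask 127

# Keep the scratch files in a private mktemp(1) directory instead of at fixed
# names under /tmp: with fixed names another local user could pre-create or
# symlink them and thereby feed addresses into the pf table, or get their own
# removed from it. The trap removes the directory on every exit path.
WORK=$(mktemp -d /tmp/http-ban.XXXXXXXXXX) || exit 1
trap 'rm -rf "$WORK"' EXIT

block | sort >"$WORK/new"

# Diff processing (comm needs both inputs sorted):
#   NEW   = over a limit now but not in the table yet
#   GRACE = in the table but no longer over any limit
show | sort | awk '{ print $1 }' >"$WORK/current"
NEW=$(comm -23 "$WORK/new" "$WORK/current")
GRACE=$(comm -13 "$WORK/new" "$WORK/current")

# Nothing changed: leave quietly (the trap still cleans up).
test -n "$NEW$GRACE" || exit 0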
# Addresses over a limit that are not in the table yet: log them, then add
# them (ban reads the list on stdin).
if test -n "$NEW"; then
	log Banning new IPs:
	printf '%s\n' "$NEW" | log
	printf '%s\n' "$NEW" | ban
fi
# Addresses still in the table that no longer reach any limit: log them,
# then remove them (grace reads the list on stdin).
if test -n "$GRACE"; then
	log Gracing old IPs:
	printf '%s\n' "$GRACE" | log
	printf '%s\n' "$GRACE" | grace
fi