Commit Diff


commit - b72ca3a5a5e48853ab5896fa2ee3256fa4eca8e0
commit + c27e7ff850208c00e6ce99324ace62ed4fe0580c
blob - c384389b84d8488db0b174aac34dfff0d1c144ce
blob + 89a4459dca19c4dec0b5f5ead4f8868e84a6de3e
--- README.md
+++ README.md
@@ -1,17 +1,13 @@
 # http-ban
 
-Hey! It's just a simple script I'm testing as I don't want a huge HTTP
-filter solution. It targets httpd(4) log format and pfctl(8).
+A simple script I'm testing as I don't want a huge HTTP filter solution.
+It targets httpd(4) log format and pfctl(8).
 
-It's messy and harsh to read. Sorry about this. Written it a while ago
-and yet updating it a bit, removing unused code.
+Feel free to try it and share enhancements/ideas around! For me it has
+been quite effective.
 
-Feel free to try it and share enhancements/ideas around!
+# Environment variables
 
-For me it has been quite effective.
-
-# Environment Variables
-
 - `HTTPBAN_WHITELIST`: List of whitelisted IP's
 - `HTTPBAN_LIMIT_500`: Number of hits in the 500's HTTP return code range
 - `HTTPBAN_LIMIT_400`: Number of hits in the 400's HTTP return code range
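Review bot: The `HTTPBAN_WHITELIST` entry in the context just below the renamed heading does not say how the list is delimited, and for a script that adds addresses to a pf block table this is the setting an operator most needs to get right. The crontab example further down uses a space-separated value (`'127.0.0.1 67.225.146.248'`), so state that format here. While the section is being tidied, "IP's" should read "IPs".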
@@ -21,34 +17,37 @@ For me it has been quite effective.
 
 1. Create an user
 
-	# useradd -u 404 -s /sbin/nologin -d /var/empty _httpban
+    # useradd -u 404 -s /sbin/nologin -d /var/empty _httpban
 
 2. Install the script
 
-	# install -m 755 -o root -g bin http-ban.sh /usr/local/bin/http-ban
+    # install -m 755 -o root -g bin http-ban.sh /usr/local/bin/http-ban
 
 3. Give the required permissions in /etc/doas.conf
 
-	# cat /etc/doas.conf
-	permit nopass _httpban cmd /bin/cat args /var/www/logs/access.log
-	permit nopass _httpban cmd /usr/bin/zcat args /var/www/logs/access.log.*gz
-	permit nopass _httpban cmd /sbin/pfctl args -t httpban -T show
-	permit nopass _httpban cmd /sbin/pfctl args -t httpban -T add -f-
-	permit nopass _httpban cmd /sbin/pfctl args -t httpban -T delete -f-
+    # cat /etc/doas.conf
+    permit nopass _httpban cmd /bin/cat args /var/www/logs/access.log
+    permit nopass _httpban cmd /usr/bin/zcat args /var/www/logs/access.log.*gz
+    permit nopass _httpban cmd /sbin/pfctl args -t httpban -T show
+    permit nopass _httpban cmd /sbin/pfctl args -t httpban -T add -f-
+    permit nopass _httpban cmd /sbin/pfctl args -t httpban -T delete -f-
 
 4. Create a <httpban> table in /etc/pf.conf
 
-	# cat /etc/pf.conf
-	table <httpban> persist
-	block in quick on egress from <httpban>
+    # cat /etc/pf.conf
+    table <httpban> persist
+    block drop in quick on egress from <httpban>
 
 3. Run it as _httpban (here every 5 minutes)
 
-	# crontab -eu _httpban
+    # crontab -eu _httpban
     HTTPBAN_WHITELIST='127.0.0.1 67.225.146.248'
     HTTPBAN_500=20
     HTTPBAN_400=15
     HTTPBAN_300=10
-	*/5 * * * * -s http-ban
+    */5 * * * * -s http-ban
 
-WORK branch: bug fix and testing phase
+# TODO
+
+- Testing with IPv6 addresses, if the field position is the same, it
+  should work without modifications.
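Review bot: The crontab example in the last step sets `HTTPBAN_500`, `HTTPBAN_400` and `HTTPBAN_300`, while the variable list at the top of the README documents `HTTPBAN_LIMIT_500` and `HTTPBAN_LIMIT_400`. Only one spelling can be what the script reads, so a user copying the other one gets thresholds that are silently ignored. Since these lines are already being re-indented, align the example and the list on the names the script uses. The final step is also still numbered "3." after step "4." and should be "5.".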