星期四, 11月 25, 2004

script for site-killer

url

#!/bin/bash
# Purpose: to block httpd connection
# Author: netman(netman@study-area.org)
# License: GPL
# Date: 2002/12/01
# Version: 0.91

#-- change log --#
# Version 0.90
# * Script created
# Version 0.91
# 1) add test for size of list file
# 2) add test for cpu loading
#

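set -u

#-- configuration --#
HTTP_LIST=/root/http.list         # persisted list of source IPs currently blocked by this script
HTTP_LIST_TMP=${HTTP_LIST}.tmp    # prefix of the scratch file; mktemp appends a unique suffix
CONN_NU=16                        # block a source once it holds more than this many port-80 connections
LOAD_THRESHOLD=85                 # only block when the sar counter exceeds this percentage
HTTP_PORT=80                      # local TCP port that is watched and blocked
# Column of the last ("Average") line of `sar -u 1 3` that is compared with
# LOAD_THRESHOLD. The previous version used $5 as well; which counter that is
# depends on the installed sysstat version -- TODO confirm against `sar -u`
# output on this host before relying on the threshold.
SAR_COLUMN=5

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Return 0 when $1 looks like a dotted-quad IPv4 address.
# Everything passed to `iptables -s` goes through this check, so an
# unexpected netstat field (IPv6 "::", an empty string) never becomes a rule.
# Arguments: $1 - candidate address
#######################################
is_ipv4() {
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
}

#######################################
# Delete the DROP rule of every address in HTTP_LIST, then empty the list.
# Globals:  HTTP_LIST (read, truncated), HTTP_PORT (read)
# Deletion failures are ignored on purpose: the rule may already be gone.
#######################################
remove_old_rules() {
  local ip
  [[ -s "$HTTP_LIST" ]] || return 0
  while IFS= read -r ip || [[ -n "$ip" ]]; do
    is_ipv4 "$ip" || continue
    /sbin/iptables -D INPUT -p TCP --dport "$HTTP_PORT" -s "$ip" -j DROP 2>/dev/null || true
  done < "$HTTP_LIST"
  #-- clean up list --#
  : > "$HTTP_LIST"
}

#######################################
# Return 0 when the sar counter in column SAR_COLUMN exceeds LOAD_THRESHOLD.
# Returns 1 when sar prints nothing numeric (sar missing, output format
# changed), so a broken measurement never triggers blocking.
# Globals:  SAR_COLUMN, LOAD_THRESHOLD (read)
#######################################
load_is_high() {
  local value
  value=$(/usr/bin/sar -u 1 3 | tail -1 | awk -v col="$SAR_COLUMN" '{print $col}' | sed 's/\..*$//')
  [[ "$value" =~ ^[0-9]+$ ]] || return 1
  # 10# forces decimal so a leading zero is not read as octal.
  (( 10#$value > LOAD_THRESHOLD ))
}

#######################################
# Append to HTTP_LIST every remote IPv4 address that holds more than CONN_NU
# connections to local port HTTP_PORT, one address per line.
# Globals:  HTTP_LIST (appended), HTTP_LIST_TMP (written), CONN_NU, HTTP_PORT (read)
#######################################
collect_offenders() {
  local ip
  # netstat -na columns: Proto Recv-Q Send-Q Local-Address Foreign-Address State.
  # Match the *local* port exactly, so ":8080" or a foreign ":80" no longer
  # count, and skip the listening socket whose peer is 0.0.0.0:*.
  netstat -na \
    | awk -v port="$HTTP_PORT" '$1 == "tcp" && $4 ~ (":" port "$") && $5 !~ /^0\.0\.0\.0:/ {print $5}' \
    | cut -d: -f1 \
    | sort > "$HTTP_LIST_TMP"
  # Count each address with uniq -c: a substring grep for 10.0.0.1 would also
  # have counted 10.0.0.10 .. 10.0.0.19 and 110.0.0.1.
  uniq -c < "$HTTP_LIST_TMP" \
    | awk -v limit="$CONN_NU" '$1 > limit {print $2}' \
    | while IFS= read -r ip; do
        is_ipv4 "$ip" && printf '%s\n' "$ip"
      done >> "$HTTP_LIST"
}

#######################################
# Insert a DROP rule for each address listed in HTTP_LIST.
# Globals:  HTTP_LIST, HTTP_PORT (read)
#######################################
install_rules() {
  local ip
  while IFS= read -r ip || [[ -n "$ip" ]]; do
    is_ipv4 "$ip" || continue
    /sbin/iptables -I INPUT -p TCP --dport "$HTTP_PORT" -s "$ip" -j DROP \
      || printf 'warning: could not block %s\n' "$ip" >&2
  done < "$HTTP_LIST"
}

#######################################
# Entry point: drop the previous run's rules, then, only when the machine
# is loaded above LOAD_THRESHOLD, block the sources with too many connections.
#######################################
main() {
  #-- remove old rules --#
  remove_old_rules
  #-- block http if loading is greater than LOAD_THRESHOLD percent --#
  if load_is_high; then
    HTTP_LIST_TMP=$(mktemp "${HTTP_LIST_TMP}.XXXXXX") || die "cannot create scratch file ${HTTP_LIST_TMP}.XXXXXX"
    trap 'rm -f -- "$HTTP_LIST_TMP"' EXIT
    collect_offenders
    install_rules
  fi
}

main
exit 0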