tail -50000 /apps/logs/haproxy/haproxy.log |grep api_backend|awk -F":" '{ print $4}'| sort | uniq -c | sort -k1,1 -rn | head -n 10 > /tmp/connet
echo ''> /tmp/blockip
while read IP
do
count=`echo "$IP"|awk -F" " '{print $1}'`
address=`echo "$IP"|awk -F" " '{print $2}'`
if [ "$count" -gt 500 ];then
echo `date` >> /apps/logs/haproxy/connect.log
echo "count ip" >> /apps/logs/haproxy/connect.log
echo "$IP" >> /apps/logs/haproxy/connect.log
iptables -A INPUT -s "$address" -j DROP
echo "iptables -D INPUT -s "$address" -j DROP" >> /tmp/blockip
fi
done < /tmp/connet
sleep 300
while read blockip
do
$blockip
echo clean iptables rule
done < /tmp/blockip
