Nginx
PoliceDogs, 2018-06-05 22:28:41

Is there a script that "turns on" the testcookie during an attack?

Hello, is there a script that monitors the number of connections to nginx (for example, using the ngx_http_stub_status_module module) and, in case of an attack, "turns on" testcookie (changes "testcookie off" to "testcookie on" in the config)?
I found one but it doesn't work :(

Script I found:
#!/bin/sh
 
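NGINX_CONF=/srv/www/nagg.ru/conf/nginx.conf   # file that contains the labelled testcookie line
MAIL=""            # set to "true" to send mail
MAILTO=root
LA_ACTIVATE=17     # load average above which testcookie is enabled
LA_DEACTIVATE=5    # load average at or below which testcookie is disabled
NGINX_CONNECT=1000 # active connections above which testcookie is enabled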
 
########################################################
TMPLOG=/tmp/testcookie_module.tmp
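# Active connections as reported by stub_status (must be served at /nginx-status)
NGINXCONN=$(curl -s http://localhost/nginx-status | awk '/Active/ {print $3}')
# Integer part of the 1-minute load average
LA=$(awk -F '.' '{print $1}' /proc/loadavg)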
 
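# Print a timestamp prefix; POSIX function syntax so the script also runs when /bin/sh is not bash
e() {
    printf '%s: %s' "$(date '+%F %T')" "$1"
}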
 
if [ ! -f $TMPLOG ];then echo 0 > $TMPLOG; fi
LASTRESULT=`cat $TMPLOG`
 
if [ -n "$NGINXCONN" ]; then
  if [ $NGINXCONN -gt $NGINX_CONNECT ]; then
    ALERT1="1"
  fi
fi
 
if [ -n "$LA" ]; then
  if [ $LA -gt $LA_ACTIVATE ]; then
    ALERT2="1"
  fi
fi
 
ALERT=$ALERT1$ALERT2
 
if [ -n "$ALERT" -a $LASTRESULT -eq 0 ]; then
    e; printf "Nginx connect: %-4s LA: %-3s | Activate testcookie\n" "$NGINXCONN" "$LA"
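    # Only a config line containing ##-AUTO-DDOS-LABEL-## is rewritten; without that label nothing changes
    sed -i 's/.*##-AUTO-DDOS-LABEL-##/\ttestcookie on; ##-AUTO-DDOS-LABEL-##/g' "$NGINX_CONF"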
    /sbin/service nginx reload >/dev/null 2>&1
    echo 1 > $TMPLOG
    if [ "$MAIL" = "true" ];then
        echo "Nginx connect $NGINXCONN, LA $LA. Nginx test-cookie enable" | mail -s "`hostname` DDOS detected. Nginx test-cookie enable" $MAILTO
    fi
fi
 
if [ -n "$LA" ] && [ "$LA" -le "$LA_DEACTIVATE" ] && [ "$LASTRESULT" -eq 1 ]; then
    e; printf "Nginx connect: %-4s LA: %-3s | Deactivate testcookie\n" "$NGINXCONN" "$LA"
    sed -i 's/.*##-AUTO-DDOS-LABEL-##/\ttestcookie off; ##-AUTO-DDOS-LABEL-##/g' $NGINX_CONF
    /sbin/service nginx reload >/dev/null 2>&1
    echo 0 > $TMPLOG
fi


1 answer(s)
Saboteur, 2018-06-05
@PoliceDogs

And your nginx config is here?
/srv/www/nagg.ru/conf/nginx.conf
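
An added example, not part of the question or the answer and not the posted script: the toggle split into small shell functions that can be run against a copy of the config, so a missing `##-AUTO-DDOS-LABEL-##` line or an unreadable `/nginx-status` page shows up as an error instead of a silent no-op. Function names, return codes and sample values are assumptions made for the example.

```shell
#!/bin/bash
# Added example, not the posted script. Sample inputs below are constructed.
LABEL='##-AUTO-DDOS-LABEL-##'   # marker comment used by the posted script

# Print the "Active connections" count from stub_status output on stdin.
# Returns 1 when the page is missing or the value is not a number.
parse_active() {
    local n
    n=$(awk '/^Active connections:/ {print $3}')
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$n"
}

# decide CONN LOAD LAST CONN_MAX LA_ON LA_OFF -> prints on | off | keep
# Unlike the posted script, "off" also needs CONN <= CONN_MAX, so the on and
# off branches cannot undo each other on alternate runs.
decide() {
    local conn=$1 la=$2 last=$3 conn_max=$4 la_on=$5 la_off=$6
    if [ "$last" -eq 0 ] && { [ "$conn" -gt "$conn_max" ] || [ "$la" -gt "$la_on" ]; }; then
        echo on
    elif [ "$last" -eq 1 ] && [ "$la" -le "$la_off" ] && [ "$conn" -le "$conn_max" ]; then
        echo off
    else
        echo keep
    fi
}

# set_testcookie FILE on|off: rewrite the labelled line (GNU sed).
# Returns 2 when FILE has no labelled line or cannot be read; with a
# missing label, plain "sed -i" exits 0 and changes nothing.
set_testcookie() {
    local conf=$1 state=$2
    [ "$state" = on ] || [ "$state" = off ] || return 1
    grep -q -- "$LABEL" "$conf" 2>/dev/null || return 2
    sed -i "s/.*${LABEL}/\ttestcookie ${state}; ${LABEL}/" "$conf"
}

# Demo on a temporary config; a real run would follow a successful
# set_testcookie with: nginx -t && nginx -s reload
demo() {
    local conf conn action
    conf=$(mktemp)
    printf 'server {\n\ttestcookie off; %s\n}\n' "$LABEL" > "$conf"
    conn=$(printf 'Active connections: 1342 \n' | parse_active)
    action=$(decide "$conn" 3 0 1000 17 5)
    [ "$action" = keep ] || set_testcookie "$conf" "$action"
    grep testcookie "$conf"
    rm -f "$conf"
}
demo
```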
