path: root/utils/templates/etc/filtron/rules.json
blob: 4a232388e69d6a73bd8e05d474c8626626d4e56a (plain)
[
    {
        "name": "api limit",
        "interval": 60,
        "limit": 1000,
        "filters": ["Path=^/api"],
        "aggregations": ["Path"],
        "actions": [
            {"name": "block"}
        ],
        "subrules": [
            {
                "name": "drop put",
                "interval": 60,
                "limit": 100,
                "filters": ["Method=PUT"],
                "aggregations": ["Header:X-Forwarded-For"],
                "actions": [
                    {"name": "shell",
                     "params": {"cmd": "iptables -A INPUT -s %v -j DROP", "args": ["Header:X-Forwarded-For"]}}
                ]
            }
        ]
    },
    {
        "name": "log'n'block rss",
        "interval": 300,
        "limit": 2500,
        "filters": ["Path=^/$", "GET:format=rss"],
        "actions": [
            {"name": "log"},
            {"name": "block"}
        ]
    },
    {
        "name": "log rule",
        "filters": ["Path=/"],
        "actions": [ {"name": "log"} ],
        "subrules": [
            {
                "name": "block missing accept-language",
                "filters": ["!Header:Accept-Language"],
                "actions": [
                    {"name": "block"}
                ]
            },
            {
                "name": "block curl",
                "filters": ["Header:User-Agent=[Cc]url"],
                "actions": [
                    {"name": "block"}
                ]
            }
        ]
    }
]