usage: xddos [-h] -p pid-file -f {nginx} -b {iptables,apf}
[--threshold THRESHOLD] [--dry-run] [--stdin | -l LOG_FILE]
DDoS protection system
optional arguments:
-h, --help show this help message and exit
-p pid-file PID lock file (default: None)
-f {nginx}, --format {nginx}
Log file format. (default: nginx)
-b {iptables,apf}, --blocker {iptables,apf}
Use specific blocker. (default: iptables)
--threshold THRESHOLD
Analyzer threshold. (default: 35)
--dry-run Do not block, just notify (default: False)
Parser parameters.:
--stdin Data from stdin (default: False)
-l LOG_FILE, --log LOG_FILE
Log file to process. (default: None)
# analyze nginx logs and block via apf firewall
tail -n 1000 /var/log/nginx/access.log | xddos --dry-run -p /var/run/httpprot.pid -f nginx -b apf --stdin
# analyze nginx logs and block via iptables firewall
tail -n 1000 /var/log/nginx/access.log | xddos --dry-run -p /var/run/httpprot.pid -f nginx -b iptables --stdin
NOTE: Remove the --dry-run flag when running in production.
By default, the HTTP protector uses the Generic flood analyzer. It counts requests from a specific IP to a given URL on the server and blocks that IP based on the threshold parameter.
The following URLs are treated as different targets:
- (1) http://attacktarget.com/main
- (2) http://attacktarget.com/dfjslkdjf?query=fdksjf
- (3) http://attacktarget.com/dfjslkdjf?query=3847587
For example, if there are more than 35 (default) requests from some IP to, say, URL (2), then this IP is blocked.
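The counting rule described above, as an added sketch that is not xddos's own code: it parses nginx "combined" access-log lines, counts requests per (IP, request URI) pair, and reports IPs with more than the threshold to a single URI. The names `find_flooders` and `sample_log` and the log lines are constructed for illustration; it is assumed that the URI including its query string is the counting key and that counting covers whatever lines are passed in.

```python
import re
from collections import Counter

# Start of an nginx "combined" log line:
# client IP, ident, user, [time], "METHOD URI PROTOCOL"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*"')

def find_flooders(lines, threshold=35):
    """Return {ip: (uri, count)} for IPs that sent more than `threshold`
    requests to one exact URI (path plus query string)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line: ignore
        counts[(m.group(1), m.group(2))] += 1
    flooders = {}
    for (ip, uri), n in counts.items():
        # keep the busiest offending URI per IP
        if n > threshold and n > flooders.get(ip, ("", 0))[1]:
            flooders[ip] = (uri, n)
    return flooders

def sample_log():
    """Constructed sample input (documentation IP ranges, made-up times)."""
    fmt = ('{ip} - - [10/Oct/2015:13:55:{s:02d} +0300] '
           '"GET {uri} HTTP/1.1" 200 612 "-" "curl/7.40"')
    lines = []
    # 36 requests to one URI: over the default threshold of 35
    lines += [fmt.format(ip="203.0.113.7", s=i, uri="/dfjslkdjf?query=fdksjf")
              for i in range(36)]
    # 60 requests in total, but 30 per query string: each URI is its own
    # target, so neither counter exceeds 35
    for q in ("fdksjf", "3847587"):
        lines += [fmt.format(ip="198.51.100.9", s=i, uri="/dfjslkdjf?query=" + q)
                  for i in range(30)]
    # exactly 35 requests: not "more than" the threshold
    lines += [fmt.format(ip="192.0.2.1", s=i, uri="/main") for i in range(35)]
    lines.append("garbage line")
    return lines

if __name__ == "__main__":
    for ip, (uri, n) in sorted(find_flooders(sample_log()).items()):
        print("would block %s: %d requests to %s" % (ip, n, uri))
```

Because each query string is a separate target, the second client in the sample stays under the threshold despite sending the most requests overall, which is worth keeping in mind when choosing --threshold.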
bash <(curl https://raw.githubusercontent.com/servancho/xddos/master/install.sh)
If you want to check the script contents:
wget https://raw.githubusercontent.com/servancho/xddos/master/install.sh
bash install.sh
Install pip:
cd
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
Install the app using pip:
pip install pip --upgrade --no-cache-dir
pip install xddos --no-cache-dir
# or upgrade
# pip install xddos --upgrade --no-cache-dir
# test installed script
xddos -h
XDDoS can protect your server automatically. To do this, perform the following steps:
cd /usr/share/xddos
./enable.sh
# to disable xddos
cd /usr/share/xddos
./disable.sh
Edit /usr/share/xddos/runner.sh to customize the parameters of the XDDoS protection.
Use nosetests to run the tests. Install nose by running:
$ pip install nose
To run the project tests:
$ nosetests -w ./tests/
Copyright (c) 2015 JustHost.ru, Dmitry Shilyaev dima@justhost.ru