Dapatkan IP daripada nginx log dengan F1 adalah IP address client. Sort terbanyak ini 50 pertama head -50 dan ambil dari baris ke 2 ke 50 tail -49 sebab baris 1 ada.

portalblacklist.sh

#!/bin/bash
# To copy to /etc/nginx
# Harisfazillah Jamel
# 20230208
# ini 1000 pertama head -1000 dan ambil dari baris ke 2 ke 1000 tail -999 sebab baris 1 ada -
# Rujuk DENYN untuk hanya deny dengan jumlah cubaan lebih daripada
DENYN=200
DATE1=`printf '%(%Y-%m-%d)T\n' -1`
WRKDIR="/var/log/nginx"
ETCDIR="/etc/nginx"
logfile="$WRKDIR/portal_access.log"
RPT1="$WRKDIR/topip50portal-report-$DATE1.rpt"
CONFR="$ETCDIR/blacklistportal.conf"
##zcat "${logfile}" | cut -d' ' -f1 | sort | uniq -c | sort -nr | head -50 | tail -49 | awk -F' ' '{print $2}' > /var/log/nginx/top50ipportal.log
echo "TARIKH,JUMLAH,IP,HOST"
echo "TARIKH,JUMLAH,IP,HOST" > $RPT1
echo "#" > $CONFR
logfile2="$WRKDIR/top50ipportal-$DATE1.log"
zcat "${logfile}" | cut -d' ' -f1 | sort | uniq -c | sort -nr | head -1000 | tail -999 > $logfile2
###
cat $logfile2 | while read BARIS
do
 JUMLAH=`echo $BARIS | awk -F' ' '{print $1}'`
 IP=`echo $BARIS | awk -F' ' '{print $2}'`
 HOSTN=`host $IP`
 echo "$DATE1,$JUMLAH,$IP,$HOSTN"
 echo "$DATE1,$JUMLAH,$IP,$HOSTN" >> $RPT1

 if [ $JUMLAH  -gt  $DENYN ]
   then
     echo "deny $IP;"
     echo "deny $IP;" >> $CONFR
   else
     echo "$IP not deny."
fi

done
####
echo "allow all;" >> $CONFR
exit

Rujukan https://stackoverflow.com/questions/52895054/getting-top-urls-from-an-ip-address-from-a-nginx-log-file

##zcat "${logfile}" | cut -d' ' -f1 | sort | uniq -c | sort -nr | head -50 | tail -49 | awk -F' ' '{print $2}' > /var/log/nginx/top50ipportal.log

Masukkan dalam server nginx config

https://techexpert.tips/nginx/nginx-blocking-ip-address-list/

server {
.....
include /etc/nginx/blacklist.conf;
.......
}
}