Retrieve the highest number of requests

waiwaileung Member
edited June 2022 in aFleX

If I want to add one more rule, which is to blacklist the highest number of DNS queries when the total number of DNS queries exceeds the threshold value (i.e. $totalcount), how can I retrieve the IP address which has the highest number of DNS queries?

set totalcount [table incr tmp_table [IP::client_addr]]
if { $totalcount > $::TOTALMAXQUERY } {
    # Blacklist the IP which has the highest number of DNS queries
}



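when DNS_REQUEST {
    # ::MAXQUERY and ::HOLDTIME are set elsewhere (not shown in the post).

    # Drop queries from clients that are already blacklisted.
    if { [table lookup "blacklist" [IP::client_addr]] != "" } {
        log "The Blacklist for [IP::client_addr] expires in [table lifetime "blacklist" -remaining [IP::client_addr]] seconds"
        drop
        return
    }

    # First query from this client: create its counter entry.
    if { [table lookup tmp_table [IP::client_addr]] == "" } {
        table set tmp_table [IP::client_addr] 1 indef 1
        log "The table entry created for [IP::client_addr]"
        return
    }

    # Count this query and blacklist the client once it exceeds the limit.
    set count [table incr tmp_table [IP::client_addr]]
    log "The DNS Query $count of $::MAXQUERY for [IP::client_addr]"
    if { $count > $::MAXQUERY } {
        # The posted code used an undefined $key here; the client address is the key.
        table add "blacklist" [IP::client_addr] "blocked" indef $::HOLDTIME
        log "The Blacklist entry created for [IP::client_addr]"
        table delete tmp_table [IP::client_addr]
        drop
        return
    }
}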
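One way to get the busiest client without iterating the table is to keep a running maximum next to the counters. This is an added example, not code from the original post or from A10: the table name "stats" and its keys total, top_ip and top_count are hypothetical, and ::TOTALMAXQUERY and ::HOLDTIME are assumed to be set in RULE_INIT. It uses only the table commands in the forms already shown in the post.

```tcl
# Added example: "stats", total, top_ip and top_count are hypothetical names.
# Assumes ::TOTALMAXQUERY and ::HOLDTIME are set in RULE_INIT.
when DNS_REQUEST {
    set ip [IP::client_addr]

    # Already blacklisted clients are dropped first, as in the original rule.
    if { [table lookup "blacklist" $ip] != "" } {
        drop
        return
    }

    # Per-client counter with the same 1-second lifetime as the original.
    if { [table lookup tmp_table $ip] == "" } {
        table set tmp_table $ip 1 indef 1
        set count 1
    } else {
        set count [table incr tmp_table $ip]
    }

    # Aggregate counter across all clients.
    if { [table lookup stats total] == "" } {
        table set stats total 1 indef 1
        set totalcount 1
    } else {
        set totalcount [table incr stats total]
    }

    # Running maximum: record this client if it is now the busiest one seen.
    set top_count [table lookup stats top_count]
    if { $top_count == "" || $count > $top_count } {
        table set stats top_ip $ip indef 1
        table set stats top_count $count indef 1
    }

    # Aggregate threshold crossed: blacklist the recorded top client.
    if { $totalcount > $::TOTALMAXQUERY } {
        set top_ip [table lookup stats top_ip]
        if { $top_ip != "" } {
            table add "blacklist" $top_ip "blocked" indef $::HOLDTIME
            log "The Blacklist entry created for top client $top_ip"
            table delete tmp_table $top_ip
            # Start a new window so the next query does not blacklist another client.
            table delete stats total
            table delete stats top_ip
            table delete stats top_count
            if { $top_ip == $ip } { drop; return }
        }
    }
}
```

The per-client entries and the stats entries are created at different moments, so their 1-second lifetimes do not line up exactly and the recorded maximum is an approximation of the busiest client in the current window.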
