Hello All,
Hopefully someone may be able to assist me.
I have Squid setup here as a reverse proxy. I have logging configured using the following settings in squid.conf:
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
To block certain bots and bad user agents I have the following:
acl badbrowsers browser "/etc/squid/badbrowsers.conf"
http_access deny badbrowsers
The http_access deny returns a 403 to a visitor that meets the criteria in badbrowsers.conf and this works perfectly. But I would like to take this one step further. I would like to build a blacklist in real time if possible of IP addresses that have been served a 403 error.
Unfortunately my knowledge of most of the popular scripting languages is non-existent so I was wondering if something like a redirector could be configured to meet my needs?
I have looked at fail2ban however it doesn't seem to parse my log files even if I change the squid log format to common.
Basically I am wondering if there is a way to parse the logfile to append to a new file any IP address that was served a 403.
Thank you in advance for any pointers.
Frog..
