我正在尝试创建一个报告,如果 ip 请求在一分钟内攻击服务器超过 1000 次,则它是 dos 攻击。Aws waf 正在 s3 中记录日志并使用 lambda 我们将检查某个 ip 是否超过阈值。
导入 urllib 导入 boto3 导入 gzip
s3=boto3.client('s3')
def lambda_handler(event, context): # 主要配置变量 requests_limit = 100
# Parsing the required information out of the event structure
bucket_name = event['Records'][0]['s3']['bucket']['name']
file_name = urllib.parse.unquote_plus(event['Records'][0]['s3']['object']['key'])
response = s3.get_object(Bucket=bucket_name, Key=file_name)
target_bucket='blocketrequest'
FILE='Filtered' + file_name
text = response["Body"].read().decode()
e = text.split("\n")
# Parsing IPs out of the access log file
suspicious_ips = {}
for each in e:
try:
loaded_data = json.loads(each)
ip = loaded_data['httpRequest']['clientIp']
if ip in suspicious_ips.keys():
suspicious_ips[ip] += 1
else:
suspicious_ips[ip] = 1
except Exception as err:
print(f"Problem with line:{str(err)}")
break
# Filtering IPs that exceeded the limit and preparing inserts to WAF
updates_list = []
for ip in suspicious_ips.keys():
if suspicious_ips[ip] < requests_limit:
continue
updates_list.append({
'Action': 'INSERT',
'IPSetDescriptor': {
'Type': 'IPV4',
'Value': "%s/32"%ip
}
})
# Exit if there are no malicious IPs
if updates_list == []:
return
s3.put_object(Body=updates_list,Bucket=target_bucket,Key=FILE)
print('transferred')
在这段代码中,我在第 44 行遇到了意图错误,有人可以帮忙吗