jezcaudle/barbara
jezcaudle/barbara
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Jez Caudle 2025-07-09 12:54:06 +00:00
parent 4238342785
commit b854e9d661
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -1,3 +1,12 @@
# barbara # barbara
Reads logs and, if the traffic doesn't pass muster, updates the pf table <barbara> to block it. Reads logs and, if the traffic doesn't pass muster, updates the pf table <barbara> to block it.
Barbara is the name of our Romainian White Border Collie. She doesn't trust you on your first meeting, it can months or even years before she feels secure enough to let you stroke her and even then she might try and bite you. She errs on the side of caution as does this Python3 script.
## How it works
The idea is to block traffic before it gets to your servers. PF-Badhost does a good job at keeping baddies out, but is always a few hours out-of-date and it doesn't stop everything. What can get through appears in the logs - in my case, the relayd logs, before being redirected to the actual web servers.
The Python script reads each log entry and gets the domain name of the site request and looks to see if the request is trying to retrieve file types that are allowed for that website - if it is, the request passes; otherwise it is blocked.
So, for example, if you use a static site using only html and css and a php page is requested, that IP address will be blocked. Same for cgi-bin etc.