Skip to content
This repository was archived by the owner on Mar 17, 2025. It is now read-only.

Program design

Jeremy Falling edited this page May 16, 2014 · 13 revisions

Autoban.pl This is just the parent. It will manage running the plugins according to the config (autoban.cfg) and handle most things relating to the global aspects of the program.

Autoban.cfg ALL configuration should be defined here. The plugins should just be able to run w/o modification. Or that is the hope anyway...

Input plugins These gather data from some source (ie elasticsearch) that will then be used by a filter for analysis.

Filter plugins Filter plugins take data gathered by inputs and determine if something (ip address, user agent, etc) should have some action applied against it (blocking, allowing, etc)

Output plugins Output plugins preform actions, such as generating ban configs for nginx or adding firewall rules

Data structure There should be a general structure of how data is stored. As of now it is: $data = {plugin (usually input)} => {ipData} => [info about the ip] {pluginData} => (varies by plugin)

This way any plugin can get data about any ip, it just needs to know the source (plugin).

Data flow Data must come from inputs, however where it goes after that should be up to you. I figure each input will have a filter to analyze the data from a specific input, but there will also be more generic inputs that will do things such as whitelisting or blacklisting and prevent/make an output preform an action. Outputs on the other hand should be fairly agnostic and generate bans for any relevant data (ie nginx-ban can create ip bans for nginx-es or apache-es inputs). The output plugins should specify what input data should be used with that plugin.

Clone this wiki locally