hand made traefik/ddos stats #70

Open
opened 2025-12-08 12:52:56 +00:00 by earl-warren · 0 comments

## traefik

### logs

```sh
while : ; do echo "collecting traefik-$(date +%F)*" ; kubectl logs --tail=1 -f --all-pods -n kube-system deployment/traefik < /dev/null >> /srv/traefik/traefik-$(date +%F:%T).log ; zstd --rm traefik-*.log ; sleep 60 ; done
```

### stats

```sh
$ bash stats.sh 2025-05-03 'traefik-2025-05-0[23]*' forgejo-code
|             date/UTC | accepted |  blocked |    total |  blocked% |
|---|---|---|---|---|
|         03/May/2025: |    16981 |     1304 |    18285 |        7% |
|      03/May/2025:00: |     5840 |      434 |     6274 |        6% |
|      03/May/2025:01: |     5599 |      418 |     6017 |        6% |
|      03/May/2025:02: |     4728 |      322 |     5050 |        6% |
|      03/May/2025:03: |     1913 |       67 |     1980 |        3% |
|      03/May/2025:04: |     1574 |       50 |     1624 |        3% |
|      03/May/2025:05: |      810 |       22 |      832 |        2% |
```

## ddos random data

### logs

```sh
while : ; do echo collecting $(date +%F:%T) ; kubectl --tail=1 -f --all-pods -n forgejo-code logs deployment/randomfile < /dev/null >> /srv/traefik/$(date +%F:%T)-ddos.log ; sleep 60 ; done
```

### stats

```sh
rsync --inplace --progress -z debian@hetzner06.forgejo.org:/srv/traefik/*ddos.log /tmp/ddos/ && grep -v '38;5;6mnginx' /tmp/ddos/*.log | cut -f2- -d' ' > /tmp/logs && goaccess /tmp/logs
```

## Anubis challenges

```sh
zstdcat traefik-2025-05-0[45]* | grep forgejo-code | grep -v RunnerService | grep -v 'GET /v2/' | sed -n -e 's|.*HTTP/..." \([0-9][0-9]*\) .*|\1|p' | sort | uniq -c
```

## code.forgejo.org logs

```sh
rsync --inplace --progress -vaz debian@hetzner06.forgejo.org:/precious/k8s/forgejo-code/log/ /tmp/log/ && ( zcat /tmp/log/access.log*.gz ; cat /tmp/log/access.log ) | grep -v RunnerService | grep -v '/v2' > /tmp/access.log && goaccess /tmp/access.log
```

## ip ranges

```sh
bash stats.sh 2025-11-26 'traefik-2025-11-2[65]*' forgejo-code-anubis-code-forgejo
cat 2025-11-26.log | grep -v RunnerService | grep -v 'GET /v2/' | cut -f1 -d ' ' | grep -v ':' | sort -u > 2025-11-26-current.ips
wget -c "https://code.forgejo.org/forgejo/ipranges/raw/branch/main/ipranges.txt"
cat ipranges.txt | while read cidr ; do match=$(grepcidr -c -e $cidr < 2025-11-26-current.ips) ; if test $match -gt 0 ; then echo $match $cidr; fi ; done | sort -rn > 2025-11-26-ip-ranges-usage
# percentage of blocked IPs when blocking the top IP ranges
topn=50 ; ips=2025-04-17-current.ips ; usage=2025-04-17-ip-ranges-usage ; used=$(head -$topn $usage | awk -F' ' '{sum+=$1;} END{print sum;}') ; expr $used \* 100 / $(wc -l < $ips)
# traefik block list
topn=50 ; ( head -$topn < 2025-11-26-ip-ranges-usage | cut -f2 -d' ' | while read range ; do echo -n '`) || ClientIP(`'$range ; done ; echo '`)' ) | sed -e 's/^`) || //' | pastebinit
```

Given the sorted top IP ranges calculated above (`2025-11-26-ip-ranges-usage`), how many of them should be blocked to achieve 40% block if applied to the list of IPs collected today (`2025-11-26-current.ips`)?

```sh
percent=40 ; ips=2025-11-26-current.ips ; ranges=2025-11-26-ip-ranges-usage ; total=0 ; goal=$(expr \( $(wc -l < $ips) \* $percent \) / 100) ; cat $ranges | cut -f2 -d' ' | while read cidr ; do blocked=$(grepcidr -c -e $cidr $ips) ; total=$(expr $total + $blocked) ; echo $cidr $blocked $total $goal ; if test $total -gt $goal ; then break ; fi ; done
```

The result is 555 IP ranges which is not far from the 37% achieved by blocking the top 500 on 24 April.
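An added example, not part of the original issue: the same "how many top ranges reach N%" walk in Python, counting each IP only once. The per-range `grepcidr -c` sums above count an IP once per matching range, so if entries in `ipranges.txt` overlap (an assumption, the page does not say whether they do) the running total overstates the share of unique IPs blocked. The function name and the sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address space), not taken from the logs.
SAMPLE_IPS = [
    "192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.200",
    "198.51.100.1", "198.51.100.2", "203.0.113.5",
    "10.0.0.1", "10.0.0.2", "10.0.0.3",
]
# CIDRs in usage order (second column of the *-ip-ranges-usage file).
# 192.0.2.0/25 is nested inside 192.0.2.0/24 to show the overlap effect.
SAMPLE_RANGES = ["192.0.2.0/24", "192.0.2.0/25", "198.51.100.0/24", "203.0.113.0/24"]


def ranges_for_goal(ips, ranges, percent, dedupe=True):
    """Return (ranges_used, ips_counted, goal_reached).

    Walks `ranges` in order until the blocked count exceeds percent% of the
    unique IPs, like the shell loop (integer goal, strict "greater than").
    dedupe=True counts an IP only for the first range that matches it;
    dedupe=False reproduces the per-range counting of the one-liner.
    """
    addrs = {ipaddress.ip_address(ip) for ip in ips}
    goal = len(addrs) * percent // 100
    remaining = set(addrs)
    blocked = 0
    for n, cidr in enumerate(ranges, start=1):
        net = ipaddress.ip_network(cidr, strict=False)
        pool = remaining if dedupe else addrs
        hit = {a for a in pool if a in net}
        remaining -= hit          # IPs already covered by an earlier range
        blocked += len(hit)
        if blocked > goal:
            return n, blocked, True
    return len(ranges), blocked, False


if __name__ == "__main__":
    print("unique IPs :", ranges_for_goal(SAMPLE_IPS, SAMPLE_RANGES, 40))
    print("per-range  :", ranges_for_goal(SAMPLE_IPS, SAMPLE_RANGES, 40, dedupe=False))
```

On the sample, per-range counting stops after 2 ranges with a total of 7, although those two ranges cover only 4 of the 10 IPs; counting unique IPs needs 3 ranges to pass the 40% goal.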

Reference
infrastructure/k8s-cluster#70