1

I am looking for a way to only catch specific issues that occur after a certain threshold, over a given time frame.

e.g.

  1. My web applications uses a set of keys send over POST
  2. I am whitelisting the keys so I am only looking for specific keys within POST to be used by the application
  3. But, I want to keep track of any keys that are unusual and not part of my list
  4. But, I don't want to track each and every occurrence of a non-listed key - in case this is just a bot trying to get through
  5. But, once a specific non-listed key hits a threshold - say 100 times in a week - I want to log it.

How can I accomplish this using Perl, ideally with something like log4Perl?

Thank you!

Gratus D.
  • 787
  • 7
  • 22
  • Wait, you *don't* want to know when a bot is trying to access your site? That seems...odd. Regardless, you will probably need to store the key totals somewhere persistent like a file or database and check them periodically in your application. – ThisSuitIsBlackNot Jan 21 '15 at 17:36
  • I can use server logs to find out when a bot came - this is just to find out when a specific key gets POSTed many times. – Gratus D. Jan 21 '15 at 17:39

1 Answers1

2

I think the answer would be 'use a hash'.

Define a hash in your app. Every time a bad request came in, extract the unique key, increment the hash value for that key. Once the value hits a threshold, spit out a warning. (And then reset it).

If you need cross-session persistence, you could probably use something like Storable to load and save the 'invalid requests' table.

Sobrique
  • 52,974
  • 7
  • 60
  • 101