For help on how to use this file please refer http://www.rejetto.com/wiki/?title=HFS:_Event_scripts [init] {.add to log|anti brute-force running.} {.set|#BRUTE_MAX|5.} {.set|#BRUTE_MINUTES|5.} [unauthorized] {.set table|#bruteCount|%ip%={.calc| {.from table|#bruteCount|%ip%.}+1 .}.} {.set|#bruteLast%ip%|{.time|y.}.} [every 5 sec] {.set|now|{.time|y.}.} {.for line|var=#bruteCount|{: {.set|ipvar|#bruteLast{.^line-key.}.} {.set|minutes| {.calc|({.^now.} - {.^{.^ipvar.}.}) *24*60.} .} {.if|{.and|{.{.^minutes.} >= {.^#BRUTE_MINUTES.}.} | {.^line-value.}.}|{: {.dec|line-value.} {.set|{.^ipvar.}|var=now.} {.set table|#bruteCount|{.^line-key.}={.or|{.^line-value.}|.}.} {.comment|the 'or' will cause 0 to become empty, thus clearing the line of the table.} :}.} :}.} [pre-filter-request] {.disconnection reason|too many failures, wait 1 minute|if={.{.from table|#bruteCount|%ip%.} >= {.^#BRUTE_MAX.}.} .}