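#!/usr/bin/perl -w
#
# Count requests for the index page per client address in the recent part of
# an httpd access log, and select the addresses that reach a threshold.
# As shipped the script changes nothing: the selection loop ends in `next`.
# The firewall commands at the bottom are opt-in and need root privileges.

use strict;
use warnings;
use POSIX qw(strftime);

my $pattern      = qr{"GET / HTTP/};               # request index page pattern
my $httpd_log    = "/var/log/httpd-access.log";    # log file
my $ok           = 1000;  # allowed connections per ip for $check_period
my $check_period = 1;     # check period in hours

# Timestamp prefix (day/month/year:hour) of the hour that lies $check_period
# hours in the past. It has hour granularity, so counting starts at the first
# record of that hour and the effective window is between $check_period and
# $check_period + 1 hours.
my $date = strftime("%d/%b/%Y:%H", localtime(time - $check_period * 3600));

my %ips;        # address => number of matching requests seen
my $start = 0;  # becomes true at the first record carrying $date

# Three-argument open with a lexical handle: the mode can never be taken from
# the file name, and the handle is not a package global.
open(my $log, '<', $httpd_log) or die "Cannot open $httpd_log: $!\n";

while (my $line = <$log>) {
    unless ($start) {
        # Skip old records. $date is compared as a literal substring, so the
        # slashes and colon in it are never treated as regex syntax.
        # NOTE(review): the substring may occur anywhere in the line, and the
        # request and header fields are client-controlled. If no record at all
        # carries $date (an hour without traffic), nothing is counted. Parsing
        # the timestamp field would be more robust - confirm the log format
        # before changing this.
        next if index($line, $date) < 0;
        $start = 1;
    }

    # The address is taken from the start of the line and can only consist of
    # digits and dots, which is what keeps it safe to hand to a command below.
    # NOTE(review): presumably this is the peer address as logged; behind a
    # reverse proxy or load balancer it would be the proxy's own address, and
    # blocking it would block every client - verify before enabling a rule.
    if ($line =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*$pattern/) {
        $ips{$1}++;
    }
}
close $log;

foreach my $ip (keys %ips) {
    next if $ips{$ip} < $ok;

    # print "$ip = $ips{$ip}\n";
    next; # comment out this line if you want to modify firewall rules and uncomment one of the following

    # List-form system() runs the command without a shell, so the address is
    # always passed as one argument and never interpreted as shell syntax.
    # Check the exit status when enabling one of these.
    #system('/sbin/pfctl', '-t', 'bots', '-T', 'add', $ip);                  # adding address to table
    #system('/sbin/ipfw', 'table', '5', 'add', $ip);                         # adding address to table 5
    #system('/sbin/iptables', '-A', 'INPUT', '-s', $ip, '-j', 'REJECT');     # adding denying rule
}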