1 class roles::security_tracker {
3 include apache2::proxy_http
4 include apache2::expires
6 # security-tracker abusers
7 # 66.170.99.1 20189796 excessive number of requests
8 # 66.170.99.2 20189796 excessive number of requests
9 @ferm::rule { 'dsa-sectracker-abusers':
11 rule => "saddr (66.170.99.1 66.170.99.2) DROP",
15 ssl::service { 'security-tracker.debian.org':
16 notify => Exec['service apache2 reload'],
20 apache2::site { 'security-tracker.debian.org':
21 site => 'security-tracker.debian.org',
22 content => template('roles/apache-security-tracker.debian.org.conf.erb')
25 # traffic shaping http traffic
26 @ferm::rule { 'dsa-security-tracker-shape':
29 rule => "proto tcp sport 443 MARK set-mark 20",
32 file { '/usr/local/sbin/traffic-shape':
34 content => template('roles/security-tracker/traffic-shape'),
35 notify => Exec['/usr/local/sbin/traffic-shape'],
37 exec { '/usr/local/sbin/traffic-shape':