projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
stop using virtual resources for ferm::rule
[mirror/dsa-puppet.git]
/
modules
/
apache2
/
manifests
/
dynamic.pp
diff --git
a/modules/apache2/manifests/dynamic.pp
b/modules/apache2/manifests/dynamic.pp
index
3a790b2
..
4d181d6
100644
(file)
--- a/
modules/apache2/manifests/dynamic.pp
+++ b/
modules/apache2/manifests/dynamic.pp
@@
-1,5
+1,5
@@
class apache2::dynamic {
class apache2::dynamic {
-
@
ferm::rule { 'dsa-http-limit':
+ ferm::rule { 'dsa-http-limit':
prio => '20',
description => 'limit HTTP DOS',
chain => 'http_limit',
prio => '20',
description => 'limit HTTP DOS',
chain => 'http_limit',
@@
-8,7
+8,7
@@
class apache2::dynamic {
jump DROP'
}
jump DROP'
}
-
@
ferm::rule { 'dsa-http-soso':
+ ferm::rule { 'dsa-http-soso':
prio => '21',
description => 'slow soso spider',
chain => 'limit_sosospider',
prio => '21',
description => 'slow soso spider',
chain => 'limit_sosospider',
@@
-17,7
+17,7
@@
class apache2::dynamic {
jump http_limit'
}
jump http_limit'
}
-
@
ferm::rule { 'dsa-http-yahoo':
+ ferm::rule { 'dsa-http-yahoo':
prio => '21',
description => 'slow yahoo spider',
chain => 'limit_yahoo',
prio => '21',
description => 'slow yahoo spider',
chain => 'limit_yahoo',
@@
-26,7
+26,7
@@
class apache2::dynamic {
jump http_limit'
}
jump http_limit'
}
-
@
ferm::rule { 'dsa-http-google':
+ ferm::rule { 'dsa-http-google':
prio => '21',
description => 'slow google spider',
chain => 'limit_google',
prio => '21',
description => 'slow google spider',
chain => 'limit_google',
@@
-35,7
+35,7
@@
class apache2::dynamic {
jump http_limit'
}
jump http_limit'
}
-
@
ferm::rule { 'dsa-http-bing':
+ ferm::rule { 'dsa-http-bing':
prio => '21',
description => 'slow bing spider',
chain => 'limit_bing',
prio => '21',
description => 'slow bing spider',
chain => 'limit_bing',
@@
-44,7
+44,7
@@
class apache2::dynamic {
jump http_limit'
}
jump http_limit'
}
-
@
ferm::rule { 'dsa-http-baidu':
+ ferm::rule { 'dsa-http-baidu':
prio => '21',
description => 'slow baidu spider',
chain => 'limit_baidu',
prio => '21',
description => 'slow baidu spider',
chain => 'limit_baidu',
@@
-52,7
+52,7
@@
class apache2::dynamic {
rule => 'mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
jump http_limit'
}
rule => 'mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
jump http_limit'
}
-
@
ferm::rule { 'dsa-http-nhn':
+ ferm::rule { 'dsa-http-nhn':
prio => '21',
description => 'slow nhn spider',
chain => 'limit_nhn',
prio => '21',
description => 'slow nhn spider',
chain => 'limit_nhn',
@@
-62,7
+62,7
@@
class apache2::dynamic {
}
if has_role('snapshot_web') {
}
if has_role('snapshot_web') {
-
@
ferm::rule { 'dsa-http-rules':
+ ferm::rule { 'dsa-http-rules':
prio => '22',
description => 'http subchain',
chain => 'http',
prio => '22',
description => 'http subchain',
chain => 'http',
@@
-74,7
+74,7
@@
class apache2::dynamic {
mod recent name HTTPDOS set jump log_or_drop'
}
} else {
mod recent name HTTPDOS set jump log_or_drop'
}
} else {
-
@
ferm::rule { 'dsa-http-rules':
+ ferm::rule { 'dsa-http-rules':
prio => '22',
description => 'http subchain',
chain => 'http',
prio => '22',
description => 'http subchain',
chain => 'http',
@@
-93,7
+93,7
@@
class apache2::dynamic {
}
}
}
}
-
@
ferm::rule { 'dsa-http':
+ ferm::rule { 'dsa-http':
prio => '23',
description => 'Allow web access',
domain => '(ip ip6)',
prio => '23',
description => 'Allow web access',
domain => '(ip ip6)',