projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bad syntax
[mirror/dsa-puppet.git]
/
modules
/
apache2
/
manifests
/
init.pp
diff --git
a/modules/apache2/manifests/init.pp
b/modules/apache2/manifests/init.pp
index
a0e8106
..
22a2107
100644
(file)
--- a/
modules/apache2/manifests/init.pp
+++ b/
modules/apache2/manifests/init.pp
@@
-9,7
+9,6
@@
class apache2 {
package {
"apache2": ensure => installed;
package {
"apache2": ensure => installed;
- "logrotate": ensure => installed;
}
case $php5 {
}
case $php5 {
@@
-153,10
+152,15
@@
class apache2 {
description => "slow yahoo spider",
rule => "chain 'limit_yahoo' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }"
}
description => "slow yahoo spider",
rule => "chain 'limit_yahoo' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }"
}
+ @ferm::rule { "dsa-http-bing":
+ prio => "21",
+ description => "slow bing spider",
+ rule => "chain 'limit_bing' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }"
+ }
@ferm::rule { "dsa-http-rules":
prio => "22",
description => "http subchain",
@ferm::rule { "dsa-http-rules":
prio => "22",
description => "http subchain",
- rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
+ rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider;
saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
}
@ferm::rule { "dsa-http":
prio => "23",
}
@ferm::rule { "dsa-http":
prio => "23",