- @ferm::rule { "dsa-http-limit":
- prio => "20",
- description => "limit HTTP DOS",
- rule => "chain 'http_limit' { mod limit limit-burst 60 limit 15/minute jump ACCEPT; jump DROP; }"
- }
- @ferm::rule { "dsa-http-soso":
- prio => "21",
- description => "slow yahoo spider",
- rule => "chain 'limit_sosospider' { mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP; jump http_limit; }"
- }
- @ferm::rule { "dsa-http-yahoo":
- prio => "21",
- description => "slow yahoo spider",
- rule => "chain 'limit_yahoo' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }"
- }
- @ferm::rule { "dsa-http-rules":
- prio => "22",
- description => "http subchain",
- rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
- }
- @ferm::rule { "dsa-http":
- prio => "23",
- description => "Allow web access",
- rule => "proto tcp dport http jump http;"
+ apache2::config { 'logformat-privacy':
+ source => 'puppet:///modules/apache2/logformat-privacy',
+ }
+
+ apache2::config { 'local-serverinfo':
+ source => 'puppet:///modules/apache2/local-serverinfo',
+ }
+
+ apache2::config { 'server-status':
+ source => 'puppet:///modules/apache2/server-status',
+ }
+
+ apache2::config { 'puppet-ssl-macros':
+ source => 'puppet:///modules/apache2/puppet-ssl-macros',
+ }
+
+ apache2::config { 'puppet-ftp-macros':
+ source => 'puppet:///modules/apache2/puppet-ftp-macros',
+ }
+
+ apache2::config { 'puppet-config':
+ content => template('apache2/puppet-config.erb'),
+ }
+
+ apache2::config { 'headers':
+ source => 'puppet:///modules/apache2/headers',
+ }
+
+ apache2::config { 'disabled-service':
+ source => 'puppet:///modules/apache2/disabled-service',
+ }
+
+ apache2::module { 'mpm_event': ensure => absent }
+ apache2::module { 'mpm_worker' : ensure => ($mpm == 'worker' ) ? { true => 'present', default => absent } }
+ apache2::module { 'mpm_prefork': ensure => ($mpm == 'prefork') ? { true => 'present', default => absent } }
+
+ file { '/etc/apache2/mods-available/mpm_worker.conf':
+ content => template('apache2/mpm_worker.erb'),
+ }
+
+ file { '/etc/logrotate.d/apache2':
+ source => 'puppet:///modules/apache2/apache2.logrotate',
+ }
+
+ file { '/var/log/apache2':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/var/log/apache2/.nobackup':
+ mode => '0644',
+ content => '',
+ }
+
+ munin::check { 'apache_accesses': }
+ munin::check { 'apache_processes': }
+ munin::check { 'apache_volume': }
+ munin::check { 'apache_servers': }
+ munin::check { 'ps_apache2':
+ script => 'ps_',
+ }
+ # The munin script needs this
+ package { 'libwww-perl':
+ ensure => installed,
+ }
+
+ if $public {
+ ferm::rule { 'dsa-http':
+ prio => '23',
+ description => 'A web subchain',
+ domain => '(ip ip6)',
+ rule => 'proto tcp dport (http https 6081) jump http'