+ # rate limit accesses. The chain is set up by the apache module and allow happens at prio 90.
+ ferm::rule { 'dsa-http-snapshot-limit':
+ prio => '22',
+ description => 'rate limit for snapshot',
+ chain => 'http',
+ domain => '(ip ip6)',
+ rule => '
+ mod hashlimit hashlimit-name HTTPDOSPRE hashlimit-mode srcip hashlimit-burst 10 hashlimit 6/minute jump ACCEPT;
+ mod recent name HTTPDOS update seconds 900 jump log_or_drop;
+ mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 200 hashlimit 30/minute jump ACCEPT;
+ mod recent name HTTPDOS set jump log_or_drop'
+ }
+