class apache2::dynamic {
- @ferm::rule { 'dsa-http-limit':
+ ferm::rule { 'dsa-http-limit':
prio => '20',
description => 'limit HTTP DOS',
chain => 'http_limit',
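Review bot: Dropping the `@` on `dsa-http-limit` (and likewise on every other `ferm::rule` in this class, `dsa-http-soso` through `dsa-http`) turns these from virtual into real resources, so the HTTP DoS-limit and spider-throttling rules are now declared on every node that includes `apache2::dynamic` instead of only where something collects them. Nothing in the visible lines records that assumption, so I would add a comment above the first rule, e.g. `# ferm::rule resources are declared directly (no longer virtual); every node including this class must have ferm managed`. It is also worth confirming that no other manifest still declares any of these titles, since a second real declaration of the same title fails catalog compilation, and that the nodes in question do load the generated rules, otherwise the limits would silently not apply. The resource bodies continue outside the hunks shown, so the rule strings themselves cannot be checked from here.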
jump DROP'
}
- @ferm::rule { 'dsa-http-soso':
+ ferm::rule { 'dsa-http-soso':
prio => '21',
description => 'slow soso spider',
chain => 'limit_sosospider',
jump http_limit'
}
- @ferm::rule { 'dsa-http-yahoo':
+ ferm::rule { 'dsa-http-yahoo':
prio => '21',
description => 'slow yahoo spider',
chain => 'limit_yahoo',
jump http_limit'
}
- @ferm::rule { 'dsa-http-google':
+ ferm::rule { 'dsa-http-google':
prio => '21',
description => 'slow google spider',
chain => 'limit_google',
jump http_limit'
}
- @ferm::rule { 'dsa-http-bing':
+ ferm::rule { 'dsa-http-bing':
prio => '21',
description => 'slow bing spider',
chain => 'limit_bing',
jump http_limit'
}
- @ferm::rule { 'dsa-http-baidu':
+ ferm::rule { 'dsa-http-baidu':
prio => '21',
description => 'slow baidu spider',
chain => 'limit_baidu',
rule => 'mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
jump http_limit'
}
- @ferm::rule { 'dsa-http-nhn':
+ ferm::rule { 'dsa-http-nhn':
prio => '21',
description => 'slow nhn spider',
chain => 'limit_nhn',
}
if has_role('snapshot_web') {
- @ferm::rule { 'dsa-http-rules':
+ ferm::rule { 'dsa-http-rules':
prio => '22',
description => 'http subchain',
chain => 'http',
mod recent name HTTPDOS set jump log_or_drop'
}
} else {
- @ferm::rule { 'dsa-http-rules':
+ ferm::rule { 'dsa-http-rules':
prio => '22',
description => 'http subchain',
chain => 'http',
}
}
- @ferm::rule { 'dsa-http':
+ ferm::rule { 'dsa-http':
prio => '23',
description => 'Allow web access',
domain => '(ip ip6)',