Deploy common-ssl.inc to all apache hosts. where needed it may be included.
[mirror/dsa-puppet.git] / modules / apache2 / manifests / init.pp
index f5c6f80..ade26fb 100644 (file)
@@ -106,6 +106,12 @@ class apache2 {
             require => Package["apache2"],
             notify  => Exec["reload-apache2"];
 
+        "/etc/apache2/sites-available/common-ssl.inc":
+            source  => [ "puppet:///modules/apache2/per-host/$fqdn//etc/apache2/sites-available/common-ssl.inc",
+                         "puppet:///modules/apache2/common/etc/apache2/sites-available/common-ssl.inc" ],
+            require => Package["apache2"],
+            notify  => Exec["reload-apache2"];
+
         "/etc/logrotate.d/apache2":
             source  => [ "puppet:///modules/apache2/per-host/$fqdn/etc/logrotate.d/apache2",
                          "puppet:///modules/apache2/common/etc/logrotate.d/apache2" ];
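Review bot: The per-host entry on the first added `source` line has a doubled slash after `$fqdn` (`per-host/$fqdn//etc/apache2/...`), whereas the logrotate resource just below uses `per-host/$fqdn/etc/...`. If the Puppet fileserver does not normalise that path, the per-host override will never match and every host silently gets the common copy of the SSL settings. I would write it as `"puppet:///modules/apache2/per-host/$fqdn/etc/apache2/sites-available/common-ssl.inc",`. The enclosing `file { ... }` block starts outside this hunk, so any owner/mode defaults cannot be checked from here.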
@@ -137,7 +143,7 @@ class apache2 {
             refreshonly => true;
     }
     case $hostname {
-        chopin,franck,morricone: {
+        chopin,franck,morricone,bizet: {
             package {
                 "libapache2-mod-macro": ensure => installed;
             }
@@ -154,7 +160,7 @@ class apache2 {
     }
 
     case $hostname {
-        busoni,duarte,holter,lindberg,master,merkel,powell,rore: {
+        busoni,duarte,holter,lindberg,master,powell,rore: {
             @ferm::rule { "dsa-http-limit":
                 prio            => "20",
                 description     => "limit HTTP DOS",
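Review bot: Removing `merkel` from this `case $hostname` list is not mentioned in the commit title, which covers only common-ssl.inc. That host no longer declares any `@ferm::rule` in this branch, including `dsa-http-limit` ("limit HTTP DOS"). If that is intentional, for example because the host stopped serving HTTP, it deserves its own commit or at least a comment above the list such as `# merkel dropped: <reason placeholder>`. The case body continues past the end of this hunk, so the full set of rules it loses is not visible here.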
@@ -195,6 +201,14 @@ class apache2 {
                                     mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
                                     jump http_limit'
             }
+            @ferm::rule { "dsa-http-baidu":
+                prio            => "21",
+                description     => "slow baidu spider",
+                chain           => 'limit_baidu',
+                rule            => '
+                                    mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
+                                    jump http_limit'
+            }
             @ferm::rule { "dsa-http-rules":
                 prio            => "22",
                 description     => "http subchain",
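Review bot: The `rule` body of the new `dsa-http-baidu` resource is a verbatim copy of the one closing the previous resource (`connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit`), and the description "slow baidu spider" does not state the limit. With `connlimit-mask 16` the two-connection ceiling is shared by a whole /16, which is worth stating, e.g. `description => "limit baidu spider to 2 concurrent connections per /16",`. If the other `limit_*` chains use the same body (they start outside this hunk, so this is inferred), a small define taking the chain name would keep the thresholds in one place.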
@@ -204,6 +218,7 @@ class apache2 {
                                     saddr 124.115.0.0/21 jump limit_sosospider;
                                     saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
                                     saddr (66.249.64.0/19) jump limit_google;
+                                    saddr (123.125.71.0/24 119.63.192.0/21 180.76.0.0/16) jump limit_baidu;
 
                                     mod recent name HTTPDOS update seconds 1800 jump log_or_drop;
                                     mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT;
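Review bot: The three Baidu ranges on the added `saddr` line are hard-coded with no record of where they came from or when they were last checked. Everything matching them goes to `limit_baidu`, which drops above two concurrent connections per /16, so a range that later stops belonging to the crawler (one of them is a full /16) would throttle ordinary clients. I would add a manifest comment above the `dsa-http-rules` resource along the lines of `# baidu spider ranges: source <URL placeholder>, verified <DATE placeholder>`. The rule string begins and ends outside this hunk.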