projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix dacs.conf for now
[mirror/dsa-puppet.git] / modules / apache2 / manifests / init.pp
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index fbb45a4..cfadaf1 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -154,7 +154,7 @@ class apache2 {
     }
 
     case $hostname {
-        busoni,duarte,holter,lindberg,master,merkel,morricone,powell,rore: {
+        busoni,duarte,holter,lindberg,master,powell,rore: {
             @ferm::rule { "dsa-http-limit":
                 prio            => "20",
                 description     => "limit HTTP DOS",
@@ -195,15 +195,24 @@ class apache2 {
                                     mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
                                     jump http_limit'
             }
+            @ferm::rule { "dsa-http-baidu":
+                prio            => "21",
+                description     => "slow baidu spider",
+                chain           => 'limit_baidu',
+                rule            => '
+                                    mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
+                                    jump http_limit'
+            }
             @ferm::rule { "dsa-http-rules":
                 prio            => "22",
                 description     => "http subchain",
                 chain           => 'http',
                 rule            => '
-                                    saddr ( 128.30.0.0/16 74.6.22.182 74.6.18.240 67.195.0.0/16 ) jump limit_yahoo;
+                                    saddr ( 74.6.22.182 74.6.18.240 67.195.0.0/16 ) jump limit_yahoo;
                                     saddr 124.115.0.0/21 jump limit_sosospider;
                                     saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
                                     saddr (66.249.64.0/19) jump limit_google;
+                                    saddr (119.63.192.0/21 180.76.0.0/16) jump limit_baidu;
 
                                     mod recent name HTTPDOS update seconds 1800 jump log_or_drop;
                                     mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT;
Unnamed repository; edit this file 'description' to name the repository.