include apache2::proxy_http
include apache2::expires
+ apache2::module { 'cache_disk':
+ ensure => absent,
+ }
+
+ # security-tracker abusers
+ # 66.170.99.1 20180706 excessive number of requests
+ # 66.170.99.2 20180706 excessive number of requests
+ @ferm::rule { 'dsa-sectracker-abusers':
+ prio => "005",
+ rule => "saddr (66.170.99.1 66.170.99.2) DROP",
+ }
+
+
ssl::service { 'security-tracker.debian.org':
notify => Exec['service apache2 reload'],
key => true,
}
# traffic shaping http traffic
- @ferm::rule { 'dsa-security-tracker-shape':
- table => 'mangle',
- chain => 'OUTPUT',
- rule => "proto tcp dport 443 MARK set-mark 20",
- }
+ #@ferm::rule { 'dsa-security-tracker-shape':
+ # table => 'mangle',
+ # chain => 'OUTPUT',
+ # rule => "proto tcp sport 443 MARK set-mark 20",
+ #}
file { '/usr/local/sbin/traffic-shape':
mode => '0755',