slow down some more search spiders
authorStephen Gran <steve@lobefin.net>
Mon, 16 Aug 2010 07:12:10 +0000 (08:12 +0100)
committerStephen Gran <steve@lobefin.net>
Mon, 16 Aug 2010 07:12:10 +0000 (08:12 +0100)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/apache2/manifests/init.pp

index fde10b9..c72e2b5 100644 (file)
@@ -148,7 +148,7 @@ class apache2 {
     }
     @ferm::rule { "dsa-http-soso":
         prio            => "21",
-        description     => "slow yahoo spider",
+        description     => "slow soso spider",
         chain           => 'limit_sosospider',
         rule            => '
                             mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP;
@@ -164,6 +164,15 @@ class apache2 {
                             jump http_limit;
                            '
     }
+    @ferm::rule { "dsa-http-google":
+        prio            => "21",
+        description     => "slow google spider",
+        chain           => 'limit_google',
+        rule            => '
+                            mod connlimit connlimit-above 2 connlimit-mask 19 jump DROP;
+                            jump http_limit;
+                           '
+    }
     @ferm::rule { "dsa-http-bing":
         prio            => "21",
         description     => "slow bing spider",
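Review bot: The `connlimit-mask 19` in the new `dsa-http-google` rule is right only while the `http` subchain sends exactly one /19 to `limit_google`, and nothing in the resource records that coupling. With mask 19, every address in 66.249.64.0/19 shares a single budget of two concurrent connections. If the source list is later widened or split, the counter will silently group addresses differently from what was intended. I would add a Puppet comment above the resource, e.g. `# connlimit-mask 19 must match the /19 sent to limit_google in the "http" subchain (one shared 2-connection budget)`. The same applies to `dsa-http-soso` in the first hunk, where mask 21 pairs with `124.115.0.0/21`.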
@@ -178,9 +187,10 @@ class apache2 {
         description     => "http subchain",
         chain           => 'http',
         rule            => '
-                            saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo;
+                            saddr ( 74.6.22.182 74.6.18.240 67.195.0.0/16 ) jump limit_yahoo;
                             saddr 124.115.0.0/21 jump limit_sosospider;
                             saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
+                            saddr (66.249.64.0/19) jump limit_google;
 
                             mod recent name HTTPDOS update seconds 1800 jump log_or_drop;
                             mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT;
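Review bot: The added `67.195.0.0/16` on the `limit_yahoo` line is far broader than the two single hosts it joins, and the `limit_yahoo` chain is defined outside this hunk, so its `connlimit-mask` cannot be checked here against a /16. If that chain counts per host, the new range gets a per-address cap rather than the aggregate cap that the google and soso chains apply, so the mask is worth confirming. The crawler ranges are also hard-coded with no provenance, and address blocks change owners over time, so a stale entry would throttle unrelated clients. I would record the source and date in a Puppet comment above the resource, e.g. `# crawler ranges verified against whois on <DATE>; re-check before widening`.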