From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 23 Dec 2018 09:25:19 +0000 (+0100)
Subject: for snapshot, disable keep-alive so we can rate-limit better
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=89395035e7032a56e0071ccd4c19475ddd43d361;p=mirror%2Fdsa-puppet.git

for snapshot, disable keep-alive so we can rate-limit better
---

diff --git a/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb b/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb
index 25e6d1275..8659b637f 100644
--- a/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb
+++ b/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb
@@ -25,3 +25,13 @@ sub vcl_purge {
     return(restart);
   }
 }
+
+# We rate-limit requests by clients.
+#  Currently, we do that at the netfilter level, so one
+#  request per connection works best.
+sub vcl_deliver {
+  if (remote.ip != "127.0.0.1" &&
+      remote.ip != "::1") {
+    set resp.http.connection = "close";
+  }
+}