From 89395035e7032a56e0071ccd4c19475ddd43d361 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 23 Dec 2018 10:25:19 +0100
Subject: [PATCH] for snapshot, disable keep-alive so we can rate-limit better

---
 .../templates/snapshot/snapshot.debian.org.vcl.erb     | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb b/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb
index 25e6d1275..8659b637f 100644
--- a/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb
+++ b/modules/roles/templates/snapshot/snapshot.debian.org.vcl.erb
@@ -25,3 +25,13 @@ sub vcl_purge {
     return(restart);
   }
 }
+
+# We rate-limit requests by clients.
+#  Currently, we do that at the netfilter level, so one
+#  request per connection works best.
+sub vcl_deliver {
+  if (remote.ip != "127.0.0.1" &&
+      remote.ip != "::1") {
+    set resp.http.connection = "close";
+  }
+}
-- 
2.20.1