snapshot: allow 6 requests per minute even to clients that we think are excessive

[mirror/dsa-puppet.git] / modules / apache2 / manifests / dynamic.pp

diff --git a/modules/apache2/manifests/dynamic.pp b/modules/apache2/manifests/dynamic.pp
index 5df01a1..b39e559 100644 (file)
--- a/modules/apache2/manifests/dynamic.pp
+++ b/modules/apache2/manifests/dynamic.pp
@@ -60,6 +60,7 @@ class apache2::dynamic {
                        description => 'http subchain',
                        chain       => 'http',
                        rule        => '
+                                       mod hashlimit hashlimit-name HTTPDOSPRE hashlimit-mode srcip hashlimit-burst 10 hashlimit 6/minute jump ACCEPT;
                                        mod recent name HTTPDOS update seconds 900 jump log_or_drop;
                                        mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 200 hashlimit 30/minute jump ACCEPT;
                                        mod recent name HTTPDOS set jump log_or_drop'