Re: [PATCH] Adding mod_limitipconn

This will allow us for greater control against abusive clients. Starting on secondary1 for now which seems to be the biggest problem. ---  manifests/servergroups/secondary.pp            |    1 +  modules/mod_limitipconn/README                 |   10 ++++++++++  modules/mod_limitipconn/files/limitipconn.conf |   18 ++++++++++++++++++  modules/mod_limitipconn/manifests/init.pp      |   12 ++++++++++++  4 files changed, 41 insertions(+), 0 deletions(-)  create mode 100644 modules/mod_limitipconn/README  create mode 100644 modules/mod_limitipconn/files/limitipconn.conf  create mode 100644 modules/mod_limitipconn/manifests/init.pp diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp index b53cff9..d5d96e5 100644 --- a/manifests/servergroups/secondary.pp +++ b/manifests/servergroups/secondary.pp @@ -3,6 +3,7 @@ class secondaryMirror {     include mirrorsize-secondary     include httpd::proxy +    include mod_limitipconn::mod_limitipconn     httpd::certificate { "wildcard.fedoraproject.org": } diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README new file mode 100644 index 0000000..70a5550 --- /dev/null +++ b/modules/mod_limitipconn/README @@ -0,0 +1,10 @@ +===================== +mod_limitipconn +===================== + +----------- +Usage +----------- + +Apache module which allows web server administrators to limit the number of +simultaneous downloads permitted from a single IP address. diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf new file mode 100644 index 0000000..fb33733 --- /dev/null +++ b/modules/mod_limitipconn/files/limitipconn.conf @@ -0,0 +1,18 @@ +# This module will not function unless mod_status is loaded and the +# "ExtendedStatus On" directive is set. So load only if mod_status is too. +<IfModule mod_status.c> + +    # This is always needed +    ExtendedStatus On + +    # mod_limitipconn configuration +    LoadModule limitipconn_module modules/mod_limitipconn.so + +    # A global default configuration doesn't make much sense. See the README +    # from the mod_limitipconn package for configuration examples. + +    MaxConnPerIP 3 +    OnlyIPLimit application/octet-stream + +</IfModule> + diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp new file mode 100644 index 0000000..b643d9a --- /dev/null +++ b/modules/mod_limitipconn/manifests/init.pp @@ -0,0 +1,12 @@ + +class mod_limitipconn::mod_limitipconn { +    package { mod_limitipconn: +        ensure => present +    } + +    file { '/etc/httpd/conf.d/limitipconn.conf': +        source => 'puppet:///mod_limitipconn/limitipconn.conf', +        require => Package['httpd'], +        notify => Service['httpd'] +    } +} -- 1.6.2.5