On Wed, Aug 19, 2009 at 11:10 PM, Mike McGrath<mmcgrath(a)redhat.com> wrote:
This will allow us greater control against abusive clients.
Starting on secondary1 for now which seems to be the biggest problem.
---
manifests/servergroups/secondary.pp | 1 +
modules/mod_limitipconn/README | 10 ++++++++++
modules/mod_limitipconn/files/limitipconn.conf | 18 ++++++++++++++++++
modules/mod_limitipconn/manifests/init.pp | 12 ++++++++++++
4 files changed, 41 insertions(+), 0 deletions(-)
create mode 100644 modules/mod_limitipconn/README
create mode 100644 modules/mod_limitipconn/files/limitipconn.conf
create mode 100644 modules/mod_limitipconn/manifests/init.pp
diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp
index b53cff9..d5d96e5 100644
--- a/manifests/servergroups/secondary.pp
+++ b/manifests/servergroups/secondary.pp
@@ -3,6 +3,7 @@ class secondaryMirror {
include mirrorsize-secondary
include httpd::proxy
+ include mod_limitipconn::mod_limitipconn
httpd::certificate { "wildcard.fedoraproject.org": }
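Review bot: the added include sits in class secondaryMirror, so the limit applies to every node that uses this class, while the commit message says the rollout starts on secondary1 only. If more than one host includes secondaryMirror, move the include to the secondary1 node definition (or guard it with a hostname condition) until the limit has been tuned there.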
diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README
new file mode 100644
index 0000000..70a5550
--- /dev/null
+++ b/modules/mod_limitipconn/README
@@ -0,0 +1,10 @@
+=====================
+mod_limitipconn
+=====================
+
+-----------
+Usage
+-----------
+
+Apache module which allows web server administrators to limit the number of
+simultaneous downloads permitted from a single IP address.
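Review bot: the "Usage" section only describes what the Apache module does and says nothing about using this Puppet module. Document the class to include (mod_limitipconn::mod_limitipconn), the file it manages (/etc/httpd/conf.d/limitipconn.conf), and the values shipped in it (MaxConnPerIP 3, OnlyIPLimit application/octet-stream), so that whoever has to raise the limit for a mirror knows where to change it.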
diff --git a/modules/mod_limitipconn/files/limitipconn.conf
b/modules/mod_limitipconn/files/limitipconn.conf
new file mode 100644
index 0000000..fb33733
--- /dev/null
+++ b/modules/mod_limitipconn/files/limitipconn.conf
@@ -0,0 +1,18 @@
+# This module will not function unless mod_status is loaded and the
+# "ExtendedStatus On" directive is set. So load only if mod_status is too.
+<IfModule mod_status.c>
+
+ # This is always needed
+ ExtendedStatus On
+
+ # mod_limitipconn configuration
+ LoadModule limitipconn_module modules/mod_limitipconn.so
+
+ # A global default configuration doesn't make much sense. See the README
+ # from the mod_limitipconn package for configuration examples.
+
+ MaxConnPerIP 3
+ OnlyIPLimit application/octet-stream
+
+</IfModule>
+
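Review bot: MaxConnPerIP 3 is set at server level, directly under a comment saying that a global default does not make much sense. Scope MaxConnPerIP and OnlyIPLimit to the download tree with a <Location> or <Directory> block, and reconsider the value: every client behind one NAT gateway or proxy shares a single address and counts against the same 3 connections. Separately, LoadModule and the limit sit inside <IfModule mod_status.c>, so on a host where mod_status is not loaded this file silently does nothing; if the limit is meant to be enforced, a startup failure would be easier to notice than a missing limit.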
diff --git a/modules/mod_limitipconn/manifests/init.pp
b/modules/mod_limitipconn/manifests/init.pp
new file mode 100644
index 0000000..b643d9a
--- /dev/null
+++ b/modules/mod_limitipconn/manifests/init.pp
@@ -0,0 +1,12 @@
+
+class mod_limitipconn::mod_limitipconn {
+ package { mod_limitipconn:
+ ensure => present
+ }
+
+ file { '/etc/httpd/conf.d/limitipconn.conf':
+ source => 'puppet:///mod_limitipconn/limitipconn.conf',
+ require => Package['httpd'],
+ notify => Service['httpd']
+ }
+}
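Review bot: the file resource requires only Package['httpd'], but the file it installs contains "LoadModule limitipconn_module modules/mod_limitipconn.so". If Puppet places the file and notifies Service['httpd'] before the mod_limitipconn package is installed, httpd is restarted with a LoadModule line pointing at a missing .so. Use require => [ Package['httpd'], Package['mod_limitipconn'] ]. The file resource also sets no owner, group or mode; stating them explicitly keeps a configuration file that controls access limits from inheriting whatever the source file happens to have.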
--
1.6.2.5
Note that you should also think about people behind proxies. 3 could
be really short.
--
Xavier.t Lamien
--
http://fedoraproject.org/wiki/XavierLamien
GPG-Key ID: F3903DEB
Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB