On Wed, Aug 19, 2009 at 11:10 PM, Mike McGrath<mmcgrath@xxxxxxxxxx> wrote:
> This will allow us for greater control against abusive clients.
> Starting on secondary1 for now which seems to be the biggest problem.
> ---
> manifests/servergroups/secondary.pp | 1 +
> modules/mod_limitipconn/README | 10 ++++++++++
> modules/mod_limitipconn/files/limitipconn.conf | 18 ++++++++++++++++++
> modules/mod_limitipconn/manifests/init.pp | 12 ++++++++++++
> 4 files changed, 41 insertions(+), 0 deletions(-)
> create mode 100644 modules/mod_limitipconn/README
> create mode 100644 modules/mod_limitipconn/files/limitipconn.conf
> create mode 100644 modules/mod_limitipconn/manifests/init.pp
>
> diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp
> index b53cff9..d5d96e5 100644
> --- a/manifests/servergroups/secondary.pp
> +++ b/manifests/servergroups/secondary.pp
> @@ -3,6 +3,7 @@ class secondaryMirror {
> include mirrorsize-secondary
>
> include httpd::proxy
> + include mod_limitipconn::mod_limitipconn
>
> httpd::certificate { "wildcard.fedoraproject.org": }
>
> diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README
> new file mode 100644
> index 0000000..70a5550
> --- /dev/null
> +++ b/modules/mod_limitipconn/README
> @@ -0,0 +1,10 @@
> +=====================
> +mod_limitipconn
> +=====================
> +
> +-----------
> +Usage
> +-----------
> +
> +Apache module which allows web server administrators to limit the number of
> +simultaneous downloads permitted from a single IP address.
> diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf
> new file mode 100644
> index 0000000..fb33733
> --- /dev/null
> +++ b/modules/mod_limitipconn/files/limitipconn.conf
> @@ -0,0 +1,18 @@
> +# This module will not function unless mod_status is loaded and the
> +# "ExtendedStatus On" directive is set. So load only if mod_status is too.
> +<IfModule mod_status.c>
> +
> + # This is always needed
> + ExtendedStatus On
> +
> + # mod_limitipconn configuration
> + LoadModule limitipconn_module modules/mod_limitipconn.so
> +
> + # A global default configuration doesn't make much sense. See the README
> + # from the mod_limitipconn package for configuration examples.
> +
> + MaxConnPerIP 3
> + OnlyIPLimit application/octet-stream
> +
> +</IfModule>
> +
> diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp
> new file mode 100644
> index 0000000..b643d9a
> --- /dev/null
> +++ b/modules/mod_limitipconn/manifests/init.pp
> @@ -0,0 +1,12 @@
> +
> +class mod_limitipconn::mod_limitipconn {
> + package { mod_limitipconn:
> + ensure => present
> + }
> +
> + file { '/etc/httpd/conf.d/limitipconn.conf':
> + source => 'puppet:///mod_limitipconn/limitipconn.conf',
> + require => Package['httpd'],
> + notify => Service['httpd']
> + }
> +}
> --
> 1.6.2.5
>
Note that you should also think about people behind proxies. 3 could
be really short.
--
Xavier.t Lamien
--
http://fedoraproject.org/wiki/XavierLamien
GPG-Key ID: F3903DEB
Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
