[PATCH] Adding mod_limitipconn

Mike McGrath mmcgrath at redhat.com
Wed Aug 19 21:10:55 UTC 2009 

This will allow us for greater control against abusive clients.
Starting on secondary1 for now which seems to be the biggest problem.
---
 manifests/servergroups/secondary.pp            |    1 +
 modules/mod_limitipconn/README                 |   10 ++++++++++
 modules/mod_limitipconn/files/limitipconn.conf |   18 ++++++++++++++++++
 modules/mod_limitipconn/manifests/init.pp      |   12 ++++++++++++
 4 files changed, 41 insertions(+), 0 deletions(-)
 create mode 100644 modules/mod_limitipconn/README
 create mode 100644 modules/mod_limitipconn/files/limitipconn.conf
 create mode 100644 modules/mod_limitipconn/manifests/init.pp

diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp
index b53cff9..d5d96e5 100644
--- a/manifests/servergroups/secondary.pp
+++ b/manifests/servergroups/secondary.pp
@@ -3,6 +3,7 @@ class secondaryMirror {
     include mirrorsize-secondary
 
     include httpd::proxy
+    include mod_limitipconn::mod_limitipconn
 
     httpd::certificate { "wildcard.fedoraproject.org": }
 
diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README
new file mode 100644
index 0000000..70a5550
--- /dev/null
+++ b/modules/mod_limitipconn/README
@@ -0,0 +1,10 @@
+=====================
+mod_limitipconn
+=====================
+
+-----------
+Usage
+-----------
+
+Apache module which allows web server administrators to limit the number of
+simultaneous downloads permitted from a single IP address.
diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf
new file mode 100644
index 0000000..fb33733
--- /dev/null
+++ b/modules/mod_limitipconn/files/limitipconn.conf
@@ -0,0 +1,18 @@
+# This module will not function unless mod_status is loaded and the
+# "ExtendedStatus On" directive is set. So load only if mod_status is too.
+<IfModule mod_status.c>
+
+    # This is always needed
+    ExtendedStatus On
+
+    # mod_limitipconn configuration
+    LoadModule limitipconn_module modules/mod_limitipconn.so
+
+    # A global default configuration doesn't make much sense. See the README
+    # from the mod_limitipconn package for configuration examples.
+
+    MaxConnPerIP 3
+    OnlyIPLimit application/octet-stream
+
+</IfModule>
+
diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp
new file mode 100644
index 0000000..b643d9a
--- /dev/null
+++ b/modules/mod_limitipconn/manifests/init.pp
@@ -0,0 +1,12 @@
+
+class mod_limitipconn::mod_limitipconn {
+    package { mod_limitipconn:
+        ensure => present
+    }
+
+    file { '/etc/httpd/conf.d/limitipconn.conf':
+        source => 'puppet:///mod_limitipconn/limitipconn.conf',
+        require => Package['httpd'],
+        notify => Service['httpd']
+    }
+}
-- 
1.6.2.5

More information about the Fedora-infrastructure-list mailing list