aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2011-11-10 17:50:33 -0200
committerSilvio Rhatto <rhatto@riseup.net>2011-11-10 17:50:33 -0200
commitd548cdb7acb8d8ffaf7bdfae14dc9cf3f16fcdbc (patch)
tree9a252e9e533c2ea0a6874e257bc59e3bd4cbf450
parent9df7b3074a33f1c4fd56260b63131926952d11c9 (diff)
downloadpuppet-nodo-d548cdb7acb8d8ffaf7bdfae14dc9cf3f16fcdbc.tar.gz
puppet-nodo-d548cdb7acb8d8ffaf7bdfae14dc9cf3f16fcdbc.tar.bz2
SSL computational DoS mitigation (2)
-rw-r--r--manifests/vserver.pp10
1 files changed, 10 insertions, 0 deletions
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 02448da..67ece43 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -3,6 +3,16 @@ class nodo::vserver inherits nodo {
include timezone
include syslog-ng::vserver
+ # SSL computational DoS mitigation
+ # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
+ $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
+ '' => $firewall_global_ssl_ratelimit ? {
+ '' => '-',
+ default => $firewall_global_ssl_ratelimit,
+ },
+ default => $firewall_ssl_ratelimit,
+ }
+
backupninja::sys { "sys":
ensure => present,
partitions => false,