aboutsummaryrefslogtreecommitdiff
path: root/manifests/vserver.pp
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2011-11-10 18:03:10 -0200
committerSilvio Rhatto <rhatto@riseup.net>2011-11-10 18:03:10 -0200
commitf800dcdec71dc594940a94aba45c5dee024ce6e8 (patch)
tree6ad044960a19dbf5732130fcc489ab0d476d05c2 /manifests/vserver.pp
parentd548cdb7acb8d8ffaf7bdfae14dc9cf3f16fcdbc (diff)
downloadpuppet-nodo-f800dcdec71dc594940a94aba45c5dee024ce6e8.tar.gz
puppet-nodo-f800dcdec71dc594940a94aba45c5dee024ce6e8.tar.bz2
SSL computational DoS mitigation (3)
Diffstat (limited to 'manifests/vserver.pp')
-rw-r--r--manifests/vserver.pp20
1 files changed, 10 insertions, 10 deletions
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 67ece43..d59bcd6 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -3,16 +3,6 @@ class nodo::vserver inherits nodo {
include timezone
include syslog-ng::vserver
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
- '' => $firewall_global_ssl_ratelimit ? {
- '' => '-',
- default => $firewall_global_ssl_ratelimit,
- },
- default => $firewall_ssl_ratelimit,
- }
-
backupninja::sys { "sys":
ensure => present,
partitions => false,
@@ -130,6 +120,16 @@ class nodo::vserver inherits nodo {
}
}
+ # SSL computational DoS mitigation
+ # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
+ $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
+ '' => $firewall_global_ssl_ratelimit ? {
+ '' => '-',
+ default => $firewall_global_ssl_ratelimit,
+ },
+ default => $firewall_ssl_ratelimit,
+ }
+
# Apply firewall rules just for running vservers
case $ensure {
'running': {