diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2011-11-10 18:03:10 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2011-11-10 18:03:10 -0200 |
| commit | f800dcdec71dc594940a94aba45c5dee024ce6e8 (patch) | |
| tree | 6ad044960a19dbf5732130fcc489ab0d476d05c2 /manifests | |
| parent | d548cdb7acb8d8ffaf7bdfae14dc9cf3f16fcdbc (diff) | |
| download | puppet-nodo-f800dcdec71dc594940a94aba45c5dee024ce6e8.tar.gz puppet-nodo-f800dcdec71dc594940a94aba45c5dee024ce6e8.tar.bz2 | |
SSL computational DoS mitigation (3)
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/vserver.pp | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/manifests/vserver.pp b/manifests/vserver.pp index 67ece43..d59bcd6 100644 --- a/manifests/vserver.pp +++ b/manifests/vserver.pp @@ -3,16 +3,6 @@ class nodo::vserver inherits nodo { include timezone include syslog-ng::vserver - # SSL computational DoS mitigation - # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html - $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? { - '' => $firewall_global_ssl_ratelimit ? { - '' => '-', - default => $firewall_global_ssl_ratelimit, - }, - default => $firewall_ssl_ratelimit, - } - backupninja::sys { "sys": ensure => present, partitions => false, @@ -130,6 +120,16 @@ class nodo::vserver inherits nodo { } } + # SSL computational DoS mitigation + # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html + $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? { + '' => $firewall_global_ssl_ratelimit ? { + '' => '-', + default => $firewall_global_ssl_ratelimit, + }, + default => $firewall_ssl_ratelimit, + } + # Apply firewall rules just for running vservers case $ensure { 'running': { |