]> git.openstreetmap.org Git - chef.git/blobdiff - roles/web-frontend.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Tighten mod_evasive restrictions for the main site
[chef.git] / roles / web-frontend.rb
diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb
index b6d80ae8c2fb04a1b9b8a9179d0d9ae55dd87a39..8e8fa817d0381e095a29523c02f9e0ab42661e20 100644 (file)
--- a/roles/web-frontend.rb
+++ b/roles/web-frontend.rb
@@ -4,6 +4,11 @@ description "Role applied to all web/api frontend servers"
 default_attributes(
   :apache => {
     :mpm => "event",
+    :evasive => {
+      :page_count => 30,
+      :site_count => 100,
+      :blocking_period => 30
+    },
     :event => {
       :server_limit => 20,
       :max_request_workers => 1000,
@@ -38,7 +43,7 @@ default_attributes(
       :messages => {
         :comment => "messages.openstreetmap.org",
         :domains => ["messages.openstreetmap.org"],
-        :local_parts => ["^c-(\\\\d+)-(\\\\d+)-(.*)\\$", "^m-(\\\\d+)-(.*)\\$"],
+        :local_parts => ["${lookup{$local_part}lsearch*,ret=key{/etc/exim4/detaint}}"],
         :command => "/usr/local/bin/deliver-message $local_part_data",
         :user => "rails",
         :group => "rails",
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.