From: Tom Hughes
Date: Tue, 19 Dec 2017 20:55:42 +0000 (+0000)
Subject: Add support for rate limit http connections
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/8cb0dff3028536a89e82db81e5b908e6c037c1c7

Add support for rate limit http connections
---
diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 88a4091f5..e7dcf265c 100644
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -1,5 +1,6 @@
 default[:networking][:firewall][:inet] = []
 default[:networking][:firewall][:inet6] = []
+default[:networking][:firewall][:http_rate_limit] = "-"
 default[:networking][:firewall][:http_connection_limit] = "-"
 default[:networking][:interfaces] = {}
 default[:networking][:nameservers] = []
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 697f2c34e..09b431fd3 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -336,6 +336,7 @@ firewall_rule "accept-http" do
 dest "fw"
 proto "tcp:syn"
 dest_ports "http"
+ rate_limit node[:networking][:firewall][:http_rate_limit]
 connection_limit node[:networking][:firewall][:http_connection_limit]
 end
 
@@ -345,5 +346,6 @@ firewall_rule "accept-https" do
 dest "fw"
 proto "tcp:syn"
 dest_ports "https"
+ rate_limit node[:networking][:firewall][:http_rate_limit]
 connection_limit node[:networking][:firewall][:http_connection_limit]
 end
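Review bot: The new `http_rate_limit` default in attributes/default.rb is the bare string `"-"`, with nothing saying what that means or what a real value should look like. It sits beside `http_connection_limit`, which uses the same `"-"`, so it presumably means "no limit"; if so, rate limiting stays off on every node until a role or node overrides the attribute. A comment above the line such as `# "-" = no rate limit; any other value is handed unchanged to firewall_rule's rate_limit` would make the opt-in behaviour and the pass-through explicit.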
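Review bot: In recipes/default.rb the `accept-http` hunk (at 336) and the `accept-https` hunk (at 345) both read the single attribute `node[:networking][:firewall][:http_rate_limit]` and pass it to `rate_limit` unchecked, so the two ports cannot be tuned separately and a malformed value only surfaces when the firewall configuration is rendered. Because both rules match `tcp:syn`, the limit would count new connections rather than requests, and whether it is applied per source address or across all clients depends on the value's format and on how `firewall_rule` renders it, which is not visible here. If it is an aggregate limit, one noisy client could use up the allowance for everyone, so it would help to note the expected form next to the rule, e.g. `# limits new connections (SYNs); prefer a per-source rate so one client cannot starve the rest`. Both `firewall_rule` blocks begin above their hunks, so the remaining properties were not reviewed.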