Enable mod_evasive for all apache instances except render servers

Author: tomhughes

cookbooks/apache/attributes/default.rb

@@ -29,3 +29,5 @@
 default[:apache][:listen_address] = "*"
 
 default[:apache][:buffered_logs] = true
+
+default[:apache][:evasive] = true

cookbooks/apache/recipes/default.rb

@@ -78,6 +78,11 @@
   variables :hosts => admins["hosts"]
 end
 
+apache_module "evasive" do
+  conf "evasive.conf.erb"
+  only_if { node[:apache][:evasive] }
+end
+
 apache_module "brotli" do
   conf "brotli.conf.erb"
 end

cookbooks/apache/templates/default/evasive.conf.erb

@@ -0,0 +1,10 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<IfModule mod_evasive.c>
+    DOSHashTableSize    65536
+    DOSPageCount        2
+    DOSSiteCount        50
+    DOSPageInterval     1
+    DOSSiteInterval     1
+    DOSBlockingPeriod   60
+</IfModule>

roles/tile.rb

@@ -13,6 +13,7 @@
   :apache => {
     :mpm => "event",
     :timeout => 60,
+    :evasive => false,
     :event => {
       :threads_per_child => 20,
       :min_spare_threads => 300,