Skip to content

Commit 2c95278

Browse files
committed
Enable mod_evasive for all apache instances except render servers
1 parent 8b76d84 commit 2c95278

File tree

4 files changed

+18
-0
lines changed

4 files changed

+18
-0
lines changed

cookbooks/apache/attributes/default.rb

+2
Original file line numberDiff line numberDiff line change
@@ -29,3 +29,5 @@
2929
default[:apache][:listen_address] = "*"
3030

3131
default[:apache][:buffered_logs] = true
32+
33+
default[:apache][:evasive] = true

cookbooks/apache/recipes/default.rb

+5
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,11 @@
7878
variables :hosts => admins["hosts"]
7979
end
8080

81+
apache_module "evasive" do
82+
conf "evasive.conf.erb"
83+
only_if { node[:apache][:evasive] }
84+
end
85+
8186
apache_module "brotli" do
8287
conf "brotli.conf.erb"
8388
end
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
# DO NOT EDIT - This file is being maintained by Chef
2+
3+
<IfModule mod_evasive.c>
4+
DOSHashTableSize 65536
5+
DOSPageCount 2
6+
DOSSiteCount 50
7+
DOSPageInterval 1
8+
DOSSiteInterval 1
9+
DOSBlockingPeriod 60
10+
</IfModule>

roles/tile.rb

+1
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
:apache => {
1414
:mpm => "event",
1515
:timeout => 60,
16+
:evasive => false,
1617
:event => {
1718
:threads_per_child => 20,
1819
:min_spare_threads => 300,

0 commit comments

Comments
 (0)