Verified Commit 73a212ed authored by Jelle van der Waa

Rate limit man.archlinux.org

Limit man.archlinux.org to reduce the impact of one potential abuser on
the availability. This returns too many requests when running oha with 10
connections. This does not fully negate the issue; later the abuser
should be automatically fail2ban'd.
parent bab8e408
Pipeline #7562 passed with stage in 53 seconds
...@@ -2,6 +2,9 @@ upstream archmanweb { ...@@ -2,6 +2,9 @@ upstream archmanweb {
server unix:///run/uwsgi/archmanweb.sock; server unix:///run/uwsgi/archmanweb.sock;
} }
limit_req_zone $binary_remote_addr zone=archmanweb_limit:10m rate=2r/s;
limit_req_status 429;
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
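Review bot: `limit_req_status 429;` is added outside the `server` block, so it takes effect at http level for every vhost that uses `limit_req`, and a second vhost file setting it the same way would be rejected as a duplicate directive. Moving it inside the `server` block next to the `limit_req` line keeps the change scoped to archmanweb. Separately, the zone is keyed on `$binary_remote_addr` while the server also listens on `[::]:80`: over IPv6 each address in a client's prefix gets its own 2r/s budget, and over IPv4 all users behind one NAT share a single budget. A short comment above `limit_req_zone` stating that this trade-off is accepted (or keying on a truncated IPv6 prefix via a `map`) would help the next reader.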
...@@ -32,6 +35,8 @@ server { ...@@ -32,6 +35,8 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ archmanweb_domain }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ archmanweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ archmanweb_domain }}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ archmanweb_domain }}/chain.pem;
limit_req zone=archmanweb_limit burst=10 delay=8;
location = /favicon.ico { location = /favicon.ico {
alias {{ archmanweb_dir }}/repo/collected_static/favicon.ico; alias {{ archmanweb_dir }}/repo/collected_static/favicon.ico;
} }
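Review bot: `limit_req zone=archmanweb_limit burst=10 delay=8;` sits at `server` level, so it is inherited by every location, including the static `location = /favicon.ico` alias directly below it. Static files then count against the same 2r/s budget as the requests that reach the `archmanweb` upstream, which is the resource the limit is meant to protect. Consider placing the `limit_req` line only in the location that passes to uwsgi. The `burst=10 delay=8` pair also deserves a one-line comment: the first 8 excess requests are served immediately, the next 2 are delayed to the configured rate, and anything beyond the burst gets the 429. Since the commit message plans fail2ban as a follow-up, it is worth noting where rejected requests are logged so the jail can match them.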
......