mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
314aa3556e
Add a default rate limit for 20 req/s for the uwsgi endpoint and automatically ban users who reach this limit. The nginx-limit-req rule does not ban users who reach the rss limit as these are not likely DoS attempts.
16 lines
308 B
Django/Jinja
16 lines
308 B
Django/Jinja
#
|
|
# {{ansible_managed}}
|
|
#
|
|
|
|
[nginx-limit-req]
|
|
|
|
enabled = true
|
|
filter = nginx-limit-req
|
|
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
|
|
logpath = /var/log/nginx/*/error.log
|
|
findtime = 5min
|
|
bantime = 1hours
|
|
maxretry = 10
|
|
# Do not fail2ban archweb's rss limit.
|
|
ignoreregex = rsslimit
|