add limit_bing rule

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index 4098660c1400260dd8eb3271769a1461ddcfc89d..22a210790e536bdae8554d0d3f98cea845dd4500 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -152,10 +152,15 @@ class apache2 {
         description     => "slow yahoo spider",
         rule            => "chain 'limit_yahoo' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }"
     }
+    @ferm::rule { "dsa-http-bing":
+        prio            => "21",
+        description     => "slow bing spider",
+        rule            => "chain 'limit_bing' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }"
+    }
     @ferm::rule { "dsa-http-rules":
         prio            => "22",
         description     => "http subchain",
-        rule            => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
+        rule            => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }"
     }
     @ferm::rule { "dsa-http":
         prio            => "23",