Commit 2420561d authored by Sven enniK's avatar Sven enniK

add option to disable apache ddos prevention

parent df549146
{%- set apache_ddos_prevent = salt['cmd.shell']('/usr/local/sbin/uci -qX get ffdd.sys.apache_ddos_prevent') %}
{# Apache2 Webserver #}
apache2:
pkg.installed:
......@@ -5,7 +7,6 @@ apache2:
- names:
- apache2
- apache2-utils
- libapache2-mod-evasive
- libapache2-mod-fcgid
- libapache2-mod-auth-plain
- libapache2-mod-authnz-pam
......@@ -33,6 +34,7 @@ apache2:
- apache2_mod_disable
- apache2_mod_enable
- apache2_mod_php
- libapache2-mod-evasive
- require:
- pkg: apache2
- service: S40network
......@@ -43,6 +45,16 @@ apache2:
- apache2_site_enable_freifunk
{% if apache_ddos_prevent == '1' %}
libapache2-mod-evasive:
pkg.installed:
- refresh: True
{% else %}
libapache2-mod-evasive:
pkg.removed
{% endif %}
{# disable default page #}
apache2_site_disable_default:
apache_site.disabled:
......
......@@ -40,6 +40,8 @@ config 'ffdd' 'sys'
# To disable tunneled clear text passwords and allow only pub-key auth.
option 'ssh_pwauth' '1'
option 'apache_ddos_prevent' '1'
# DNS-Server
list 'default_dns' '194.150.168.168'
list 'default_dns' '46.182.19.48'
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment