From d8988540614d91d095928b8d451f1d18a28bdbb2 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sun, 10 May 2020 00:48:36 +0200
Subject: [PATCH] Update install_rate_limit_tpl.sh
---
 .../tools/rate-limit-tpl/install_rate_limit_tpl.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
index 483b54d47..8af03f140 100644
--- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
+++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh
@@ -1,5 +1,13 @@
 #!/bin/bash
 
+# This installer will install hosting-firewall.tpl (nginx template) that will:
+# + allow 1 http request per second per IP address (sent to your server, more precisely to your PHP-FPM)
+# + allow 2 parallel http connections per IP address (sent to your PHP-FPM)
+# + make burst (queue) for 7 additional http requests in the same second, but it will processed each request each second (so this will handle natural peaks that CMS can generate to itself)
+# + if client fills allowed queue , additional requests will be denied
+#
+# Generally, this nginx template will prevent bad bots to run hundreds parallel http requests against your site, which will probably cause denial-of-service on your server
+
 grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf)
 if [ "$grepc" -eq 0 ]; then
 sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:10m;\n limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf
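Review bot: The new header comment says the limits apply "per IP address" but does not mention that both zones are keyed on `$binary_remote_addr` (see the `sed` line in the context below). On a server behind a CDN, load balancer or other reverse proxy, all visitors would therefore share one bucket and get 429 responses unless the client address is restored first; users behind a shared NAT are throttled together in the same way. I would add a line such as `# NOTE: limits are keyed on $binary_remote_addr; behind a proxy/CDN set real_ip_header/set_real_ip_from first, or all clients share one limit`, and also state that rejected requests receive HTTP 429. The burst of 7 and the limit of 2 connections presumably come from hosting-firewall.tpl, which is not part of this hunk, so those numbers cannot be checked against the code from here. The `if` block opened in the context lines closes outside the hunk.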