Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Autodeflect is an automation system for DIY installations of the Deflect anti-DDoS CDN system.

Deflect is a lightweight but heavy-duty anti-DDoS content distribution network that uses low-cost reverse proxies to absorb and mitigate DDoS attacks on webservers. The infrastructure is comprised of many parts, with Apache Traffic Server being a central component used for caching resources and serving them.

Autodeflect is a system for writing out the dynamic components of a Deflect configuration. This comprises:

  • Apache Traffic Server remap files
  • Bind-style zone file information (designed to be used with Edgemanage for robust serving of content when servers experience instability or become unavailable).
  • icinga configuration for monitoring origin servers
  • site configuration rules for the Banjax mitigation platform.
  • Scripted renewal of Let's Encrypt TLS certs


Global configuration of controller-side elements is accomplished via variables. These are created with ansible-playbook init.yml. Comments document the majority of this configuration.

Setup you inventory in config/inventory/inventory Then run your playbook. ansible-playbook init.yml. Note: You should only do this after autodeflect was install with cityhall

Client configuration (sites protected behind your instance of Deflect) is accomplished via clients.yml. In the Deflect system this file is generated via the Deflect Dashboard. This file can be written by hand or populated by some automated system. Some Day the Deflect Dashboard source will be opened, but this is not that day.


Autodeflect does not write out configuration for a Nagios installation, an Awstats setup or an Apache Traffic Server configuration set. Users should supply these configurations themselves (generally the stock configurations are fine, but vast improvements can be obtained by tweaking them). In future static configuration files will be added to this repository.


  • python-passlib


Ansible Deflect configuration automation




No releases published
You can’t perform that action at this time.