add extras sectionHEADmaster

2 files changed, 23 insertions, 0 deletions

diff --git a/index.html b/index.html
index e265c0e..c3dabf8 100644
--- a/index.html
+++ b/index.html
@@ -175,6 +175,14 @@ doas rcctl start haproxy
 <p>Now check out your website! </p>
 <p>Everything should work as intended. You should have valid TLS, your standard HTTP request should forward to HTTPS, <code>www</code> requests should forward to <code>non-www</code>, and your security headers should <a href="https://securityheaders.com/?q=https%3A%2F%2Fhttpd.rocks%2F&amp;followRedirects=on">score an A+</a>.</p>
 <p>That&#8217;s it!</p>
+<h2 id="extras">Extras</h2>
+<p>With your website now live, you may want to avoid overloading your server when you share it with the world! You can opt to use any CDN of your choosing or edit your <code>pf.conf</code> with sane defaults:</p>
+<pre><code>pass in on any proto tcp from any to any port {80 443} keep state \
+    (max-src-conn 10, max-src-conn-rate 5&#47;30, max-src-nodes 200)
+</code></pre>
+<p>Then reload your configuration:</p>
+<pre><code>doas pfctl -f &#47;etc&#47;pf.conf
+</code></pre>
 <hr/>
 <h2 id="references">References</h2>
 <p>I am far from an OpenBSD expert. Please refer to these additional (and mostly better) resources and documentation:</p>
diff --git a/index.md b/index.md
index 4f8acb8..d8210eb 100644
--- a/index.md
+++ b/index.md
@@ -240,6 +240,21 @@ Everything should work as intended. You should have valid TLS, your standard HTT
 
 That's it!
 
+## Extras
+
+With your website now live, you may want to avoid overloading your server when you share it with the world! You can opt to use any CDN of your choosing or edit your `pf.conf` with sane defaults:
+
+```
+pass in on any proto tcp from any to any port {80 443} keep state \
+    (max-src-conn 10, max-src-conn-rate 5/30, max-src-nodes 200)
+```
+
+Then reload your configuration:
+
+```
+doas pfctl -f /etc/pf.conf
+```
+
 ---
 
 ## References