diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..0f05cf303805123b786f78f60866d9e8f0a22a86
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.retry
+*.swp
diff --git a/README.md b/README.md
index 965473fefbd6f693a21a380b2b475f363c30e5a7..a35566ca3a96c769e30537fdc3ea22df86de9c28 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ To use this role you need to use Ansible Galaxy to install it into another repos
 To pull this repo in run:
 
 ```bash
-ansible-galaxy install -r requirements.yml --force -p roles 
+ansible-galaxy install -r requirements.yml --force -p galaxy/roles 
 ```
 
 The other repo should also contain a `.yml` file that contains something like this:
@@ -37,6 +37,7 @@ The other repo should also contain a `.yml` file that contains something like th
       - mime
       - rewrite
       - ssl
+      - mpm_event
     apache_mods_disabled:
       - suexec
       - mpm-itk
@@ -49,6 +50,8 @@ The other repo should also contain a `.yml` file that contains something like th
     apache_ulimit: 65536
     apache_mpm_max_request_workers: 128
     apache_mpm_max_connections_per_child: 10000
+    apache_apache_rate_limit: 64
+    apache_rate_initial_burst: 256
 
   roles:
     - apache
diff --git a/tasks/main.yml b/tasks/main.yml
index ecc23a7b53a8ecf4e2f29c20b031dd3936ff207b..b23e2a5bb35963e4dcf21cb4592229686b151d9e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -17,24 +17,47 @@
     mode: 0755
     owner: root
     group: root
+  tags:
+    - apache
 
-- name: Apache ITK MPM package present
+- name: Apache ITK MPM package absent
   apt:
     pkg:
       - libapache2-mpm-itk
-    state: present
+    state: absent
     update_cache: false
-  when: apache_mods_enabled is defined and "mpm-itk" in apache_mods_enabled
+  when: ( apache_mods_enabled is defined ) and ( "mpm-itk" in apache_mods_disabled )
   tags:
     - apache
 
-- name: Apache ITK MPM package absent
+- name: Apache ITK MPM configuration
+  block:
+
+    - name: Apache ITK MPM package present
+      apt:
+        pkg:
+          - libapache2-mpm-itk
+        state: present
+        update_cache: false
+      tags:
+        - apache
+
+    - name: Apache mpm_prefork.conf in place
+      template:
+        src: templates/mpm_prefork.conf.j2
+        dest: /etc/apache2/mods-available/mpm_prefork.conf
+      tags:
+        - apache
+
+  when: ( apache_mods_enabled is defined ) and ( "mpm-itk" in apache_mods_enabled )
+
+- name: Apache suEXEC package absent
   apt:
     pkg:
-      - libapache2-mpm-itk
+      - apache2-suexec-pristine
     state: absent
     update_cache: false
-  when: apache_mods_enabled is defined and "mpm-itk" in apache_mods_disabled
+  when: ( apache_mods_enabled is defined ) and ( "suexec" in apache_mods_disabled )
   tags:
     - apache
 
@@ -44,17 +67,17 @@
       - apache2-suexec-pristine
     state: present
     update_cache: false
-  when: apache_mods_enabled is defined and "suexec" in apache_mods_enabled
+  when: ( apache_mods_enabled is defined ) and ( "suexec" in apache_mods_enabled )
   tags:
     - apache
 
-- name: Apache suEXEC package absent
+- name: Apache FastCGI absent
   apt:
     pkg:
-      - apache2-suexec-pristine
+      - libapache2-mod-fcgid
     state: absent
     update_cache: false
-  when: apache_mods_enabled is defined and "suexec" in apache_mods_disabled
+  when: ( apache_mods_enabled is defined ) and ( "fcgid" not in apache_mods_disabled )
   tags:
     - apache
 
@@ -64,22 +87,24 @@
       - libapache2-mod-fcgid
     state: present
     update_cache: false
-  when: apache_mods_enabled is defined and "fcgid" in apache_mods_enabled
+  when: ( apache_mods_enabled is defined ) and ( "fcgid" in apache_mods_enabled )
   tags:
     - apache
 
-- name: Apache FastCGI absent
-  apt:
-    pkg:
-      - libapache2-mod-fcgid
-    state: absent
-    update_cache: false
-  when: apache_mods_enabled is defined and "fcgid" not in apache_mods_disabled
+- name: Apache ratelimit conf present
+  template:
+    src: templates/ratelimit.conf.j2
+    dest: /etc/apache2/mods-available/ratelimit.conf
+  when: ( apache_mods_enabled is defined ) and ( "ratelimit" in apache_mods_enabled )
+  tags:
+    - apache
 
 - name: Check we we have a HTTPS cert
   stat:
     path: "/etc/ssl/le/{{ inventory_hostname }}.cert.pem"
   register: apache_cert
+  tags:
+    - apache
 
 - name: Conditionally include Webarchitects config
   include_tasks: webarch.yml
@@ -87,13 +112,6 @@
   tags:
     - apache
 
-- name: Apache mpm_prefork.conf in place
-  template:
-    src: templates/mpm_prefork.conf.j2
-    dest: /etc/apache2/mods-enabled/mpm_prefork.conf
-  tags:
-    - apache
-
 - name: Custom Apache ssl.conf in place
   copy:
     src: files/ssl.conf
@@ -116,7 +134,7 @@
     - apache
 
 - name: Apache conf disabled
-  include_tasks: a2disconf.yml
+a include_tasks: a2disconf.yml
   with_items: "{{ apache_conf_disabled }}"
   when: apache_conf_disabled is defined
   tags:
diff --git a/templates/envvars.j2 b/templates/envvars.j2
index b6552d3b495410346c8b09a35f31e763a0bcee8d..d2fc8e90a0fb14536fbe5bf8a16c2427196cda0b 100644
--- a/templates/envvars.j2
+++ b/templates/envvars.j2
@@ -1,3 +1,4 @@
+# {{ ansible_managed }}
 # envvars - default environment variables for apache2ctl
   
 # this won't be correct after changing uid
@@ -45,4 +46,4 @@ APACHE_ULIMIT_MAX_FILES='ulimit -n {{ apache_ulimit | default('8192') }}'
 ## This will produce a verbose output on package installations of web server modules and web application
 ## installations which interact with Apache
 #export APACHE2_MAINTSCRIPT_DEBUG=1
-
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/templates/mpm_prefork.conf.j2 b/templates/mpm_prefork.conf.j2
index 7731a87607fe1c59f62cb3aca54201a894fc95b7..f3697ae5c576089696a84f28efaabdb7ae5e4ffb 100644
--- a/templates/mpm_prefork.conf.j2
+++ b/templates/mpm_prefork.conf.j2
@@ -1,3 +1,4 @@
+# {{ ansible_managed }}
 # prefork MPM
 # StartServers: number of server processes to start
 # MinSpareServers: minimum number of server processes which are kept spare
diff --git a/templates/ratelimit.conf.j2 b/templates/ratelimit.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..183c8b6ec08fda8543f6ba0f84ce67cb775aa388
--- /dev/null
+++ b/templates/ratelimit.conf.j2
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+# https://httpd.apache.org/docs/trunk/mod/mod_ratelimit.html
+{% if apache_rate_limit is defined %}
+SetOutputFilter RATE_LIMIT
+SetEnv rate-limit {{ apache_rate_limit }}
+{% else %}
+# rate-limit not set as apache_rate_limit was not defined
+{% endif %}
+{% if apache_rate_initial_burst is defined %}
+SetEnv rate-initial-burst {{ apache_rate_initial_burst }}
+{% else %}
+# rate-initial-burst not set as apache_rate_initial_burst was not defined
+{% endif %}
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+
diff --git a/templates/webarch.conf.j2 b/templates/webarch.conf.j2
index e55b4bbcb1765369e35318776e0c7c37baf70de3..10263ef5d6f8d7eb85c0cedef94750b584e3800e 100644
--- a/templates/webarch.conf.j2
+++ b/templates/webarch.conf.j2
@@ -1,3 +1,4 @@
+# {{ ansible_managed }}
 # WSH Settings for all sites
 # Ansible Generated
 
@@ -272,3 +273,4 @@ ErrorDocument 403 /wsh/403.shtml
     </IfModule>
   </Directory>
 </VirtualHost>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet