2620:52:3:1:5054:ff:fe0a:75a4 1; # gnome
2620:52:3:1:5054:ff:fe0a:75a2 1; # gnome
2620:52:3:1:5054:ff:fe0a:75aa 1; # gnome
+ 34.234.151.67 1; # gnome - https://github.com/openstreetmap/operations/issues/1160
+ 54.165.53.199 1; # gnome - https://github.com/openstreetmap/operations/issues/1160
+ 35.153.15.118 1; # gnome - https://github.com/openstreetmap/operations/issues/1160
}
-map $missing_email$missing_referer$http_user_agent $blocked_user_agent {
+map $server_protocol$http_user_agent $cleaned_user_agent {
+ default $http_user_agent;
+ "~^HTTP/1..Mozilla/" Script$http_user_agent;
+}
+
+map $missing_email$missing_referer$cleaned_user_agent $blocked_user_agent {
default 0;
"11" 2; # block any requests without identifier
include <%= @confdir %>/nginx_blocked_user_agent.conf;
include <%= @confdir %>/nginx_blocked_email.conf;
}
-map $nominatim_script_name$missing_referer $blocked_path {
- default 0;
- "details1" 1;
-}
-
map $whitelisted $limit_www {
1 "";
0 $binary_remote_addr;
}
location @php {
+ if ($forward_to_ui) {
+ rewrite ^(/[^/]*) https://$host/ui$1.html redirect;
+ }
if ($blocked_user_agent ~ ^2$)
{ return 403; }
if ($blocked_referrer)
{ return 403; }
if ($blocked_email)
{ return 403; }
- if ($blocked_path)
- { return 403; }
+ if ($args ~* "q=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ &]")
+ { return 418; }
include <%= @confdir %>/nginx_blocked_generic.conf;
limit_req zone=www burst=10;
proxy_redirect off;
proxy_pass http://nominatim_service;
<% end -%>
- if ($forward_to_ui) {
- rewrite ^(/[^/]*) https://$host/ui$1.html redirect;
- }
}
<% if node[:nominatim][:api_flavour] == "php" %>
projects / chef.git / blobdiff