+ # Requests sent within early data are subject to replay attacks.
+ # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
+ ssl_early_data on;
+
+ # Immediately 404 layers we do not support
+<% for i in 20..99 do %>
+ location /<%= i %>/ {
+ set $limit_rate 512;
+ return 404;
+ }
+<% end %>
+
+ # Immediately 404 silly tile requests
+ location = /0/0/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/0/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/-1/0.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/-1/1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/-1/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/-1/2.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/1/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /1/2/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /2/0/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /2/-1/0.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /2/-1/1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /2/1/-1.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /2/-1/2.png {
+ set $limit_rate 512;
+ return 404;
+ }
+ location = /2/-1/3.png {
+ set $limit_rate 512;
+ return 404;
+ }
+
+<% for i in 0..14 do %>
+<% if i == 0 -%>
+ # Default Fallback Location Handler (lowest)