nominatim: improve IP query block expression

[chef.git] / cookbooks / nominatim / templates / default / nginx.erb

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index def54f1ace9a6414dff411bdaee36dba1e61abb7..4f171bf06958e71427b9edcc508fc4a70a188b46 100644 (file)
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -7,9 +7,9 @@ upstream nominatim_service {
 }
 
 map $uri $nominatim_script_name {
-    ~^(.+?\.php)         $1;
-    ~^/([^/]+)           $1.php;
-    ^$                   search.php;
+    ~^/*(.+?)\.php        $1;
+    ~^/*([^/]+)           $1;
+    ^$                   search;
 }
 
 map $uri $nominatim_path_info {
@@ -194,6 +194,8 @@ server {
         { return 403; }
         if ($blocked_email)
         { return 403; }
+        if ($arg_q ~* "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$")
+        { return 418; }
         include <%= @confdir %>/nginx_blocked_generic.conf;
 
         limit_req zone=www burst=10;
@@ -211,8 +213,9 @@ server {
         if ($request_method = 'OPTIONS') {
           add_header 'Content-Type' 'text/plain; charset=UTF-8';
           add_header 'Content-Length' 0;
-          add_header Access-Control-Allow-Origin "*" always;
-          add_header Access-Control-Allow-Methods 'GET,OPTIONS' always;
+          add_header Access-Control-Allow-Origin "*";
+          add_header Access-Control-Allow-Methods 'GET,OPTIONS';
+          add_header Access-Control-Allow-Headers $http_access_control_request_headers;
           return 204;
         }