X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/67e2c2a6aefacbcf2f3aca5f793ed696a76ca06d..40e04dda9c896503238eef130e6bed4f06bd1738:/cookbooks/web/templates/default/apache.frontend.erb?ds=sidebyside diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index 91304f497..f4848bc3a 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -18,9 +18,12 @@ # # Setup logging # - LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time + SetEnvIfNoCase Authorization "^Basic " AUTH_METHOD=basic + SetEnvIfNoCase Authorization "^OAuth " AUTH_METHOD=oauth1 + SetEnvIfNoCase Authorization "^Bearer " AUTH_METHOD=oauth2 + SetEnvIfExpr "%{QUERY_STRING} =~ /(^|&)oauth_signature=/" AUTH_METHOD=oauth1 + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{AUTH_METHOD}e" combined_with_time CustomLog /var/log/apache2/access.log combined_with_time - CustomLog /var/log/apache2/basic.log combined_with_time "expr=%{HTTP:Authorization} =~ /^Basic/i" ErrorLog /var/log/apache2/error.log # @@ -29,6 +32,11 @@ ExpiresActive On RewriteEngine on + # + # Configure timeouts + # + RequestReadTimeout handshake=20-40,MinRate=500 header=20-40,MinRate=500 body=20,MinRate=500 + # # Add the unique ID to the request headers # @@ -57,6 +65,12 @@ RewriteCond %{HTTP_USER_AGENT} "OSMApp Tuner" RewriteRule . - [F,L] + # + # Block trace scraper + # + RewriteCond %{HTTP_USER_AGENT} "python-httpx/0.24.1" + RewriteRule . - [F,L] + # # Block attempts to access old API versions #