}
# Whitelisted IPs
-geo $limit {
- default 1;
- 2001:978:2:2c::172:6 0;
- 2001:978:2:2c::172:7 0;
- 2001:978:2:2c::172:8 0;
- 2001:978:2:2c::172:b 0;
- 2001:978:2:2c::172:c 0;
- 2001:978:2:2c::172:d 0;
- 130.117.76.6 0;
- 130.117.76.7 0;
- 130.117.76.8 0;
- 89.16.162.21 0;
- 89.16.162.22 0;
- 46.235.224.148 0;
- 209.132.180.180 0;
- 209.132.180.168 0;
- 8.43.85.23 0; # gnome
+geo $whitelisted {
+ default 0;
+ 2001:978:2:2c::172:6 1;
+ 2001:978:2:2c::172:7 1;
+ 2001:978:2:2c::172:8 1;
+ 2001:978:2:2c::172:b 1;
+ 2001:978:2:2c::172:c 1;
+ 2001:978:2:2c::172:d 1;
+ 130.117.76.6 1;
+ 130.117.76.7 1;
+ 130.117.76.8 1;
+ 89.16.162.21 1;
+ 89.16.162.22 1;
+ 46.235.224.148 1;
+ 209.132.180.180 1;
+ 209.132.180.168 1;
+ 8.43.85.23 1; # gnome
}
map $http_user_agent $blocked_user_agent {
include <%= @confdir %>/nginx_blocked_referrer.conf;
}
-map $limit $limit_key {
- 0 "";
- 1 $binary_remote_addr;
+map $whitelisted $limit_www {
+ 1 "";
+ 0 $binary_remote_addr;
}
map $blocked_user_agent $limit_tarpit {
2 $binary_remote_addr;
}
-limit_req_zone $limit zone=www:50m rate=2r/s;
+limit_req_zone $limit_www zone=www:50m rate=2r/s;
limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m;
projects / chef.git / commitdiff