From 2d62f5d569f1ef80d83eb6dab513159994da6660 Mon Sep 17 00:00:00 2001 From: Sarah Hoffmann Date: Mon, 24 Apr 2017 14:10:18 +0200 Subject: [PATCH] nominatim: add read timeout to apache --- cookbooks/nominatim/recipes/default.rb | 3 ++- cookbooks/nominatim/templates/default/apache.erb | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb index 19e48909f..a8009759f 100644 --- a/cookbooks/nominatim/recipes/default.rb +++ b/cookbooks/nominatim/recipes/default.rb @@ -306,6 +306,7 @@ apache_module "proxy" apache_module "proxy_fcgi" apache_module "proxy_http" apache_module "headers" +apache_module "reqtimeout" service "php7.0-fpm" do action [:enable, :start] @@ -357,7 +358,7 @@ web_servers = search(:node, "recipes:web\\:\\:frontend").collect do |n| # ~FC010 end.flatten fail2ban_filter "nominatim" do - failregex '^ - - \[\] "[^"]+" (400|429) ' + failregex '^ - - \[\] "[^"]+" (408|429) ' end fail2ban_jail "nominatim" do diff --git a/cookbooks/nominatim/templates/default/apache.erb b/cookbooks/nominatim/templates/default/apache.erb index b79e76dbe..652fd93a3 100644 --- a/cookbooks/nominatim/templates/default/apache.erb +++ b/cookbooks/nominatim/templates/default/apache.erb @@ -25,6 +25,8 @@ # Remove Proxy request header to mitigate https://httpoxy.org/ RequestHeader unset Proxy early + RequestReadTimeout header=15-30,MinRate=500 body=15-30,MinRate=500 + CustomLog /var/log/apache2/nominatim.openstreetmap.org-access.log combined ErrorLog /var/log/apache2/nominatim.openstreetmap.org-error.log -- 2.39.5