provide contact for 403s

[nominatim.git] / utils / cron_banip.py

diff --git a/utils/cron_banip.py b/utils/cron_banip.py
index 714df2831c5e81e74ac676ccbee0b621daa42ec7..c8fdd78c9aea124a305559e6b748ed121c0b96d2 100755 (executable)
--- a/utils/cron_banip.py
+++ b/utils/cron_banip.py
@@ -52,6 +52,9 @@ LOGFILE= BASEDIR + '/log/restricted_ip.log'
 WHITELIST = ''
 # space-separated list of IPs manually blocked
 BLACKLIST = ''
+# user-agents that should be blocked from bulk mode
+# (matched with startswith)
+UA_BLOCKLIST = ()
 
 # time before a automatically blocked IP is allowed back
 BLOCKCOOLOFF_PERIOD='1 hour'
@@ -133,7 +136,13 @@ useragentblocks = []
 
 for c in cur:
     if c[0] not in WHITELIST and c[0] not in BLACKLIST:
-        missing_agent = not c[2] or c[2].startswith('Java/1.')
+        # check for user agents that receive an immediate block
+        missing_agent = not c[2]
+        if not missing_agent:
+            for ua in UA_BLOCKLIST:
+                if c[2].startswith(ua):
+                    missing_agent = True
+                    break
         if (missing_agent or c[1] > BLOCK_UPPER) and c[0] not in prevblocks:
             newblocks.add(c[0])
             if missing_agent:
@@ -159,15 +168,16 @@ for ip in prevblocks:
         deblockcandidates.add(ip)    
         
 for ip in prevbulks:
-    if ip in bulkips:
-        if bulkips[ip] > BLOCK_LIMIT:
-            newblocks.add(ip)
-            newlyblocked.append(ip)
+    if ip not in newblocks:
+        if ip in bulkips:
+            if bulkips[ip] > BLOCK_LIMIT:
+                newblocks.add(ip)
+                newlyblocked.append(ip)
+            else:
+                newbulks.add(ip)
+            del bulkips[ip]
         else:
-            newbulks.add(ip)
-        del bulkips[ip]
-    else:
-        debulkcandidates.add(ip)
+            debulkcandidates.add(ip)
 
 # cross-check deblock candidates
 if deblockcandidates: