X-Git-Url: https://git.openstreetmap.org./nominatim.git/blobdiff_plain/c21f3cc58a79d0daae092b17ffe313cf393cb4c0..65aba66c99903322bc56c7ca99ac29446dd94d09:/utils/cron_banip.py
diff --git a/utils/cron_banip.py b/utils/cron_banip.py
index 714df283..53f5e5f1 100755
--- a/utils/cron_banip.py
+++ b/utils/cron_banip.py
@@ -52,6 +52,9 @@ LOGFILE= BASEDIR + '/log/restricted_ip.log'
 WHITELIST = ''
 # space-separated list of IPs manually blocked
 BLACKLIST = ''
+# user-agents that should be blocked from bulk mode
+# (matched with startswith)
+UA_BLOCKLIST = ()
 # time before a automatically blocked IP is allowed back
 BLOCKCOOLOFF_PERIOD='1 hour'
@@ -111,6 +114,11 @@ BLOCK_LIMIT = max(BLOCK_LOWER, BLOCK_UPPER - BLOCK_LOADFAC * (dbload - 75))
 BULKLONG_LIMIT = max(BULK_LOWER, BULKLONG_LIMIT - BULK_LOADFAC * (avgload - 14))
 if len(prevbulks) > MAX_BULK_IPS:
 BLOCK_LIMIT = max(3600, BLOCK_LOWER - (len(prevbulks) - MAX_BULK_IPS)*10)
+# if the bulk pool is still empty, clients will be faster, avoid having
+# them blocked in this case
+if len(prevbulks) < 10:
+ BLOCK_LIMIT = 2*BLOCK_UPPER
+
 # get the new block candidates
 cur.execute("""
@@ -133,7 +141,13 @@ useragentblocks = []
 for c in cur:
 if c[0] not in WHITELIST and c[0] not in BLACKLIST:
- missing_agent = not c[2] or c[2].startswith('Java/1.')
+ # check for user agents that receive an immediate block
+ missing_agent = not c[2]
+ if not missing_agent:
+ for ua in UA_BLOCKLIST:
+ if c[2].startswith(ua):
+ missing_agent = True
+ break
 if (missing_agent or c[1] > BLOCK_UPPER) and c[0] not in prevblocks:
 newblocks.add(c[0])
 if missing_agent:
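Review bot: The comment on `UA_BLOCKLIST` should say that the value must be a tuple of prefix strings, because the two settings directly above it are space-separated strings and an operator is likely to copy that form. With a plain string such as `'Java/1.'`, the `for ua in UA_BLOCKLIST` loop added later in this commit would iterate single characters and flag every agent that starts with any one of them. Suggested wording: `# tuple of user-agent prefixes (matched with startswith), e.g. ('Java/1.',) -- not a space-separated string`.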
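Review bot: The threshold in `if len(prevbulks) < 10:` is an unnamed constant, and the assignment replaces the load-adjusted `BLOCK_LIMIT` computed from `dbload` just above, so with a near-empty bulk pool the limit is `2*BLOCK_UPPER` regardless of database load. A named setting alongside the other limits, for example `MIN_BULK_IPS = 10`, would make the value tunable in the same place as `MAX_BULK_IPS`. The comment also says the pool is "still empty" while the test is "fewer than 10"; it should state the actual condition and that overriding the load-based limit is deliberate.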
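Review bot: Removing the hard-coded `startswith('Java/1.')` test while `UA_BLOCKLIST` defaults to `()` means that, unless a local settings file outside this diff sets the list, clients with that agent are no longer blocked immediately after this change. If the old behaviour is to be kept by default, the setting could ship as `UA_BLOCKLIST = ('Java/1.',)`. The loop can also be written as `missing_agent = not c[2] or c[2].startswith(tuple(UA_BLOCKLIST))`, since `str.startswith` accepts a tuple and returns False for an empty one. The flag now covers listed agents as well as missing ones, so a name such as `blocked_agent` would describe it better; it is used again below in the `for c in cur:` loop, which continues past the end of the hunk.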
@@ -159,15 +173,16 @@ for ip in prevblocks:
 deblockcandidates.add(ip)
 for ip in prevbulks:
- if ip in bulkips:
- if bulkips[ip] > BLOCK_LIMIT:
- newblocks.add(ip)
- newlyblocked.append(ip)
+ if ip not in newblocks:
+ if ip in bulkips:
+ if bulkips[ip] > BLOCK_LIMIT:
+ newblocks.add(ip)
+ newlyblocked.append(ip)
+ else:
+ newbulks.add(ip)
+ del bulkips[ip]
 else:
- newbulks.add(ip)
- del bulkips[ip]
- else:
- debulkcandidates.add(ip)
+ debulkcandidates.add(ip)
 # cross-check deblock candidates
 if deblockcandidates:
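Review bot: An IP that is already in `newblocks` now skips the whole loop body, so it is neither removed from `bulkips` by `del bulkips[ip]` nor added to `debulkcandidates`. Indentation is lost on this page, so the nesting is inferred from the diff markers. What happens to the entry left in `bulkips` depends on code after the hunk; if the remaining entries are treated there as new bulk candidates, an address blocked in this run could end up in both states. A guard clause states the intent and removes one nesting level: `if ip in newblocks: continue  # blocked in this run, bulk state handled with the block`, with `bulkips.pop(ip, None)` before the `continue` if the leftover entry is not wanted.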