server.username = "www-data"
server.groupname = "www-data"
server.pid-file = "/var/run/lighttpd.pid"
+server.max-fds = 8192
+server.reject-expect-100-with-417 = "disable"
#
# Setup logging
#
accesslog.filename = "/var/log/lighttpd/access.log"
+accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Accept-Language}i\""
server.errorlog = "/var/log/lighttpd/error.log"
#
# Allow munin to monitor the server's status
#
-$HTTP["remoteip"] == "127.0.0.1" {
+$HTTP["remoteip"] == "128.40.168.98" {
status.config-url = "/server-config"
status.status-url = "/server-status"
status.statistics-url = "/server-statistics"
}
#
-# IP blocked at SteveC's request as it was trying to download the
-# history of every object in the database one at a time
+# Pull in host blocks
#
-$HTTP["remoteip"] == "143.210.16.160" { url.access-deny = ("") }
+include_shell "lighttpd-host-blocks.sh"
+
+#
+# Block some troublesome robots
+#
+$HTTP["useragent"] =~ "msnbot" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Twiceler" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Baiduspider" { url.access-deny = ("") }
+$HTTP["useragent"] =~ "Sosospider+" { url.access-deny = ("") }
#
# Rule to block tilesAtHome when somebody decides to queue vast
#
#$HTTP["useragent"] == "tilesAtHome" { url.access-deny = ("") }
+#
+# Block JOSM revisions 1722-1727 as they have a serious bug that causes
+# lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804)
+#
+$HTTP["useragent"] =~ "^JOSM/[0-9]+\.[0-9]+ \(172[234567] " {
+ url.access-deny = ("")
+}
+
#
# Limit connections to 20 per IP address
#
".css" => "text/css",
".gif" => "image/gif",
".html" => "text/html; charset=utf-8",
+ ".jpg" => "image/jpeg",
".js" => "application/x-javascript",
".png" => "image/png",
".swf" => "application/x-shockwave-flash",
# Set expiry for static content
#
expire.url = (
- "/export/" => "access 7 days",
+ "/export/embed.html" => "access 7 days",
"/images/" => "access 10 years",
"/javascripts/" => "access 10 years",
"/openlayers/" => "access 7 days",
"^/wiki/(.*)$" => "http://wiki.openstreetmap.org/$1"
)
+#
+# Redirect everything except www.openstreetmap.org and
+# api.openstreetmap.org to www.openstreetmap.org
+#
+$HTTP["host"] =~ "^api\." {
+ $HTTP["host"] != "api.openstreetmap.org" {
+ url.redirect = ( "^(.*)$" => "http://api.openstreetmap.org$1" )
+ }
+}
+else $HTTP["host"] != "www.openstreetmap.org" {
+ url.redirect = ( "^(.*)$" => "http://www.openstreetmap.org$1" )
+}
+
#
# Run anything with a .pl iextension as a CGI script
#
#
# Send everything else to the appropriate FastCGI server
#
-$HTTP["useragent"] == "tilesAtHome" {
+$HTTP["useragent"] =~ "^tilesAtHome" {
server.error-handler-404 = "/dispatch.tah"
}
-else $HTTP["url"] =~ "^/api/0\.6/(map|trackpoints|amf|amf/read|swf/trackpoints)$" {
+else $HTTP["url"] =~ "^/trace/[0-9]+/data$" {
server.error-handler-404 = "/dispatch.bulkapi"
}
-else $HTTP["url"] =~ "^/api/0\.6/.*/search$" {
+else $HTTP["url"] =~ "^/api/0\.6/(map|trackpoints|amf|amf/read|swf/trackpoints|changeset/[0-9]+/(upload|download))$" {
+ server.error-handler-404 = "/dispatch.bulkapi"
+}
+else $HTTP["url"] =~ "^/api/0\.6/.*/(full|history|search|ways)$" {
server.error-handler-404 = "/dispatch.bulkapi"
}
else $HTTP["url"] =~ "^/api/0\.6/" {
else $HTTP["url"] =~ "^/api/0\.[0-9]+/" {
url.access-deny = ("")
}
+else $HTTP["url"] =~ "^/geocoder/(search|description)_osm_namefinder$" {
+ server.error-handler-404 = "/dispatch.namefinder"
+}
+else $HTTP["url"] =~ "^/geocoder/(search|description)_geonames$" {
+ server.error-handler-404 = "/dispatch.geonames"
+}
else $HTTP["url"] =~ "^/" {
server.error-handler-404 = "/dispatch.web"
}
( "host" => "127.0.0.1", "port" => 8022, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8023, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8024, "check-local" => "disable" ),
- ( "host" => "127.0.0.1", "port" => 8025, "check-local" => "disable" ),
+ ( "host" => "127.0.0.1", "port" => 8025, "check-local" => "disable" )
+ ),
+ ".namefinder" => (
( "host" => "127.0.0.1", "port" => 8026, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8027, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8028, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8029, "check-local" => "disable" )
),
- ".api" => (
+ ".geonames" => (
( "host" => "127.0.0.1", "port" => 8030, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8031, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8032, "check-local" => "disable" ),
- ( "host" => "127.0.0.1", "port" => 8033, "check-local" => "disable" ),
+ ( "host" => "127.0.0.1", "port" => 8033, "check-local" => "disable" )
+ ),
+ ".api" => (
( "host" => "127.0.0.1", "port" => 8034, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8035, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8036, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8041, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8042, "check-local" => "disable" ),
( "host" => "127.0.0.1", "port" => 8043, "check-local" => "disable" ),
- ( "host" => "127.0.0.1", "port" => 8044, "check-local" => "disable" )
+ ( "host" => "127.0.0.1", "port" => 8044, "check-local" => "disable" ),
+ ( "host" => "127.0.0.1", "port" => 8045, "check-local" => "disable" ),
+ ( "host" => "127.0.0.1", "port" => 8046, "check-local" => "disable" ),
+ ( "host" => "127.0.0.1", "port" => 8047, "check-local" => "disable" ),
+ ( "host" => "127.0.0.1", "port" => 8048, "check-local" => "disable" )
),
".bulkapi" => (
( "host" => "10.0.0.10", "port" => 8000, "check-local" => "disable" ),
( "host" => "10.0.0.12", "port" => 8002, "check-local" => "disable" ),
( "host" => "10.0.0.10", "port" => 8003, "check-local" => "disable" ),
( "host" => "10.0.0.11", "port" => 8003, "check-local" => "disable" ),
- ( "host" => "10.0.0.12", "port" => 8003, "check-local" => "disable" )
- ),
- ".tah" => (
+ ( "host" => "10.0.0.12", "port" => 8003, "check-local" => "disable" ),
( "host" => "10.0.0.10", "port" => 8004, "check-local" => "disable" ),
( "host" => "10.0.0.11", "port" => 8004, "check-local" => "disable" ),
( "host" => "10.0.0.12", "port" => 8004, "check-local" => "disable" ),
( "host" => "10.0.0.10", "port" => 8005, "check-local" => "disable" ),
( "host" => "10.0.0.11", "port" => 8005, "check-local" => "disable" ),
- ( "host" => "10.0.0.12", "port" => 8005, "check-local" => "disable" )
+ ( "host" => "10.0.0.12", "port" => 8005, "check-local" => "disable" ),
+ ( "host" => "10.0.0.10", "port" => 8006, "check-local" => "disable" ),
+ ( "host" => "10.0.0.11", "port" => 8006, "check-local" => "disable" ),
+ ( "host" => "10.0.0.12", "port" => 8006, "check-local" => "disable" ),
+ ( "host" => "10.0.0.10", "port" => 8007, "check-local" => "disable" ),
+ ( "host" => "10.0.0.11", "port" => 8007, "check-local" => "disable" ),
+ ( "host" => "10.0.0.12", "port" => 8007, "check-local" => "disable" ),
+ ( "host" => "10.0.0.10", "port" => 8008, "check-local" => "disable" ),
+ ( "host" => "10.0.0.11", "port" => 8008, "check-local" => "disable" ),
+ ( "host" => "10.0.0.12", "port" => 8008, "check-local" => "disable" ),
+ ( "host" => "10.0.0.10", "port" => 8009, "check-local" => "disable" ),
+ ( "host" => "10.0.0.11", "port" => 8009, "check-local" => "disable" ),
+ ( "host" => "10.0.0.12", "port" => 8009, "check-local" => "disable" ),
+ ( "host" => "10.0.0.10", "port" => 8010, "check-local" => "disable" ),
+ ( "host" => "10.0.0.11", "port" => 8010, "check-local" => "disable" ),
+ ( "host" => "10.0.0.12", "port" => 8010, "check-local" => "disable" ),
+ ),
+ ".tah" => (
+ ( "host" => "10.0.0.10", "port" => 8011, "check-local" => "disable" ),
+ ( "host" => "10.0.0.11", "port" => 8011, "check-local" => "disable" ),
+ ( "host" => "10.0.0.12", "port" => 8011, "check-local" => "disable" )
)
)