X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/3d906fe8c6303c00e399ce2dfecc3471959fbe6e..345ac0bd1afcec2130c5cd55abc2906988e9e795:/config/lighttpd.conf?ds=inline diff --git a/config/lighttpd.conf b/config/lighttpd.conf index 80b941fa6..e728c6716 100644 --- a/config/lighttpd.conf +++ b/config/lighttpd.conf @@ -19,40 +19,54 @@ server.modules = ( server.username = "www-data" server.groupname = "www-data" server.pid-file = "/var/run/lighttpd.pid" - server.max-fds = 8192 +server.reject-expect-100-with-417 = "disable" # # Setup logging # accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.format = "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Accept-Language}i\"" server.errorlog = "/var/log/lighttpd/error.log" # # Allow munin to monitor the server's status # -$HTTP["remoteip"] == "127.0.0.1" { +$HTTP["remoteip"] == "128.40.168.98" { status.config-url = "/server-config" status.status-url = "/server-status" status.statistics-url = "/server-statistics" } # -# IP blocked at SteveC's request as it was trying to download the -# history of every object in the database one at a time +# Pull in host blocks # -$HTTP["remoteip"] == "143.210.16.160" { url.access-deny = ("") } +include_shell "lighttpd-host-blocks.sh" # -# Rule to block tilesAtHome when somebody decides to queue vast -# number of tiles for rerendering +# Block some troublesome robots # -#$HTTP["useragent"] == "tilesAtHome" { url.access-deny = ("") } +#$HTTP["useragent"] =~ "msnbot" { url.access-deny = ("") } +$HTTP["useragent"] =~ "Twiceler" { url.access-deny = ("") } +$HTTP["useragent"] =~ "Baiduspider" { url.access-deny = ("") } +$HTTP["useragent"] =~ "Sosospider+" { url.access-deny = ("") } +#$HTTP["useragent"] =~ "Yahoo! Slurp" { url.access-deny = ("") } +$HTTP["useragent"] =~ "Yeti" { url.access-deny = ("") } +#$HTTP["useragent"] =~ "Googlebot" { url.access-deny = ("") } +$HTTP["useragent"] =~ "The Hare and the Hedgeho" { url.access-deny = ("") } # -# Limit connections to 20 per IP address +# Block tilesAtHome # -evasive.max-conns-per-ip = 20 +$HTTP["useragent"] =~ "tilesAtHome" { url.access-deny = ("") } + +# +# Block JOSM revisions 1722-1727 as they have a serious bug that causes +# lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804) +# +$HTTP["useragent"] =~ "^JOSM/[0-9]+\.[0-9]+ \(172[234567] " { + url.access-deny = ("") +} # # Setup MIME type mapping @@ -61,6 +75,7 @@ mimetype.assign = ( ".css" => "text/css", ".gif" => "image/gif", ".html" => "text/html; charset=utf-8", + ".jpg" => "image/jpeg", ".js" => "application/x-javascript", ".png" => "image/png", ".swf" => "application/x-shockwave-flash", @@ -90,7 +105,7 @@ compress.filetype = ( # Set expiry for static content # expire.url = ( - "/export/" => "access 7 days", + "/export/embed.html" => "access 7 days", "/images/" => "access 10 years", "/javascripts/" => "access 10 years", "/openlayers/" => "access 7 days", @@ -136,13 +151,16 @@ server.document-root = "/home/rails/public" # # Send everything else to the appropriate FastCGI server # -$HTTP["useragent"] == "tilesAtHome" { - server.error-handler-404 = "/dispatch.tah" +$HTTP["url"] =~ "^/trace/[0-9]+/data$" { + server.error-handler-404 = "/dispatch.bulkapi" } -else $HTTP["url"] =~ "^/api/0\.6/(map|trackpoints|amf|amf/read|swf/trackpoints)$" { +else $HTTP["url"] =~ "^/api/0\.6/map$" { + server.error-handler-404 = "/dispatch.map" +} +else $HTTP["url"] =~ "^/api/0\.6/(trackpoints|amf|amf/read|swf/trackpoints|changeset/[0-9]+/(upload|download))$" { server.error-handler-404 = "/dispatch.bulkapi" } -else $HTTP["url"] =~ "^/api/0\.6/.*/search$" { +else $HTTP["url"] =~ "^/api/0\.6/.*/(full|history|search|ways)$" { server.error-handler-404 = "/dispatch.bulkapi" } else $HTTP["url"] =~ "^/api/0\.6/" { @@ -151,6 +169,9 @@ else $HTTP["url"] =~ "^/api/0\.6/" { else $HTTP["url"] =~ "^/api/0\.[0-9]+/" { url.access-deny = ("") } +else $HTTP["url"] =~ "^/geocoder/(search|description)_geonames$" { + server.error-handler-404 = "/dispatch.geonames" +} else $HTTP["url"] =~ "^/" { server.error-handler-404 = "/dispatch.web" } @@ -191,11 +212,13 @@ fastcgi.server = ( ( "host" => "127.0.0.1", "port" => 8028, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8029, "check-local" => "disable" ) ), - ".api" => ( + ".geonames" => ( ( "host" => "127.0.0.1", "port" => 8030, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8031, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8032, "check-local" => "disable" ), - ( "host" => "127.0.0.1", "port" => 8033, "check-local" => "disable" ), + ( "host" => "127.0.0.1", "port" => 8033, "check-local" => "disable" ) + ), + ".api" => ( ( "host" => "127.0.0.1", "port" => 8034, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8035, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8036, "check-local" => "disable" ), @@ -206,7 +229,11 @@ fastcgi.server = ( ( "host" => "127.0.0.1", "port" => 8041, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8042, "check-local" => "disable" ), ( "host" => "127.0.0.1", "port" => 8043, "check-local" => "disable" ), - ( "host" => "127.0.0.1", "port" => 8044, "check-local" => "disable" ) + ( "host" => "127.0.0.1", "port" => 8044, "check-local" => "disable" ), + ( "host" => "127.0.0.1", "port" => 8045, "check-local" => "disable" ), + ( "host" => "127.0.0.1", "port" => 8046, "check-local" => "disable" ), + ( "host" => "127.0.0.1", "port" => 8047, "check-local" => "disable" ), + ( "host" => "127.0.0.1", "port" => 8048, "check-local" => "disable" ) ), ".bulkapi" => ( ( "host" => "10.0.0.10", "port" => 8000, "check-local" => "disable" ), @@ -220,14 +247,35 @@ fastcgi.server = ( ( "host" => "10.0.0.12", "port" => 8002, "check-local" => "disable" ), ( "host" => "10.0.0.10", "port" => 8003, "check-local" => "disable" ), ( "host" => "10.0.0.11", "port" => 8003, "check-local" => "disable" ), - ( "host" => "10.0.0.12", "port" => 8003, "check-local" => "disable" ) - ), - ".tah" => ( + ( "host" => "10.0.0.12", "port" => 8003, "check-local" => "disable" ), ( "host" => "10.0.0.10", "port" => 8004, "check-local" => "disable" ), ( "host" => "10.0.0.11", "port" => 8004, "check-local" => "disable" ), ( "host" => "10.0.0.12", "port" => 8004, "check-local" => "disable" ), ( "host" => "10.0.0.10", "port" => 8005, "check-local" => "disable" ), ( "host" => "10.0.0.11", "port" => 8005, "check-local" => "disable" ), - ( "host" => "10.0.0.12", "port" => 8005, "check-local" => "disable" ) + ( "host" => "10.0.0.12", "port" => 8005, "check-local" => "disable" ), + ( "host" => "10.0.0.10", "port" => 8006, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 8006, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 8006, "check-local" => "disable" ), + ( "host" => "10.0.0.10", "port" => 8007, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 8007, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 8007, "check-local" => "disable" ), + ( "host" => "10.0.0.10", "port" => 8008, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 8008, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 8008, "check-local" => "disable" ), + ( "host" => "10.0.0.10", "port" => 8009, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 8009, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 8009, "check-local" => "disable" ), + ( "host" => "10.0.0.10", "port" => 8010, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 8010, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 8010, "check-local" => "disable" ), + ( "host" => "10.0.0.10", "port" => 8011, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 8011, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 8011, "check-local" => "disable" ) + ), + ".map" => ( + ( "host" => "10.0.0.10", "port" => 9000, "check-local" => "disable" ), + ( "host" => "10.0.0.11", "port" => 9000, "check-local" => "disable" ), + ( "host" => "10.0.0.12", "port" => 9000, "check-local" => "disable" ) ) )