1 acl osmtile_sites dstdomain a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org
2 acl osmtiles_png urlpath_regex .png$
4 acl osmtileScrapers browser ^$
5 acl osmtileScrapers browser ^MOBAC
6 acl osmtileScrapers browser ^JTileDownloader
7 acl osmtileScrapers browser ^Apache\-HttpClient
8 acl osmtileScrapers browser ^Opera\/10\.00
9 acl osmtileScrapers browser ^shipxy01
10 #acl osmtileScrapers browser ^OsmAnd #Victor + Email. Whitelist for 1 week
11 #acl osmtileScrapers browser ^apemap #CGI143 + Email. Whitelist for 1 week
12 acl osmtileScrapers browser Firefox\/2\.0\.0\.11$
13 #acl osmtileScrapers browser Firefox\/3\.5\.7$ #CGI285 + Email. Whitelist for 1 week
14 acl osmtileScrapers browser Firefox\/3\.6$
15 acl osmtileScrapers browser ^Mozilla\/5\.0$ #QLandkarte unwilling to set a real user-agent.
16 acl osmtileScrapers browser ^Mozilla$ #Intentionally faked user-agent
17 acl osmtileScrapers browser ^User\-Agent
18 acl osmtileScrapers browser Firefox\/0\.8$
19 acl osmtileScrapers browser Firefox\/1\.0$
20 acl osmtileScrapers browser Firefox\/1\.0\.7$
21 acl osmtileScrapers browser K\-Meleon\/1\.02$
22 acl osmtileScrapers browser MSIE.7\.0.*Windows.NT.5\.1.*2\.0\.50727.$
23 acl osmtileScrapers browser MSIE.5.5
24 acl osmtileScrapers browser ^LoadOSM\.exe$
25 acl osmtileScrapers browser ^app_name$
26 # TEMPORARY unblock of osmdroid-based apps which should be setting their unique
27 # User-Agent, but aren't. Re-block on/near 2016-08-29.
28 #acl osmtileScrapers browser ^osmdroid$ # app using osmdroid library not setting app-specific User-Agent
29 #acl osmtileScrapers browser ^Mozilla/5\.0 \(Windows NT 5\.1\)$ # Faked User-Agent
30 acl osmtileScrapers browser Firefox\/3\.0
31 acl osmtileScrapers browser Firefox\/4\.0
32 acl osmtileScrapers browser Firefox\/5\.0
33 acl osmtileScrapers browser Firefox\/6\.0
34 acl osmtileScrapers browser Firefox\/7\.0
35 acl osmtileScrapers browser Firefox\/8\.0
36 acl osmtileScrapers browser Firefox\/9\.0
37 acl osmtileScrapers browser Firefox\/10\.0
38 acl osmtileScrapers browser Firefox\/11\.0
39 acl osmtileScrapers browser Firefox\/12\.0
40 acl osmtileScrapers browser Firefox\/13\.0
42 acl is_fake_browser browser Firefox\/3\.0
43 acl is_fake_browser browser Firefox\/4\.0
44 acl is_fake_browser browser Firefox\/5\.0
45 acl is_fake_browser browser Firefox\/6\.0
46 acl is_fake_browser browser Firefox\/7\.0
47 acl is_fake_browser browser Firefox\/8\.0
48 acl is_fake_browser browser Firefox\/9\.0
49 acl is_fake_browser browser Firefox\/10\.0
50 acl is_fake_browser browser Firefox\/11\.0
51 acl is_fake_browser browser Firefox\/12\.0
52 acl is_fake_browser browser Firefox\/13\.0
54 http_access deny osmtile_sites osmtileScrapers
56 acl osmtileOverusers referer_regex ^https?://pmap\.kuku\.lu/
57 acl osmtileOverusers referer_regex ^https?://[^.]*\.pmap\.kuku\.lu/
58 acl osmtileOverusers referer_regex ^https?://fastpokemap\.com/
59 acl osmtileOverusers referer_regex ^https?://[^.]*\.fastpokemap\.com/
60 acl osmtileOverusers referer_regex ^https?://pkget\.com/
61 acl osmtileOverusers referer_regex ^https?://[^.]*\.pkget\.com/
63 http_access deny osmtile_sites osmtileOverusers
65 acl osmexportOverusers src 60.199.131.39
66 acl osmexportOverusers src 92.217.67.26
67 acl osmexportOverusers src 103.53.208.109
68 acl osmexportOverusers src 113.196.123.178
69 acl osmexportOverusers src 118.193.51.194
70 acl osmexportOverusers src 119.188.70.34
71 acl osmexportOverusers src 165.228.125.15
72 acl osmexportOverusers src 171.13.14.152
73 acl osmexportOverusers src 171.15.132.56
74 acl osmexportOverusers src 199.203.108.5
75 acl osmexportOverusers src 210.209.89.127
76 acl osmexportOverusers src 210.65.88.6
78 http_access deny osmtile_sites osmexportOverusers
80 # Delay pool when !has_referer and is_browser
81 acl has_referer referer_regex .
82 acl is_browser browser Chrome\/
83 acl is_browser browser Firefox\/
84 acl is_browser browser Trident\/
85 acl is_browser browser Safari\/
86 acl is_browser browser AppleWebKit\/
88 acl whitelist_path urlpath_regex ^/cgi-bin/(export|debug)
89 acl blacklist_path urlpath_regex ^/cgi-bin/
90 acl blacklist_path urlpath_regex ^/MyAdmin/
91 acl blacklist_path urlpath_regex ^/myadmin/
92 acl blacklist_path urlpath_regex ^/pma/
93 acl blacklist_path urlpath_regex ^/phpmyadmin/
94 acl blacklist_path urlpath_regex ^/phpMyAdmin/
95 acl blacklist_path urlpath_regex ^/idssvc/
96 acl blacklist_path urlpath_regex ^/iesvc/
97 acl blacklist_path urlpath_regex ^/invoker/
98 acl blacklist_path urlpath_regex ^/jmx-console/
99 acl blacklist_path urlpath_regex ^/manager/
100 acl blacklist_path urlpath_regex ^/service/
101 acl blacklist_path urlpath_regex ^/web-console/
102 acl blacklist_path urlpath_regex ^/wstats/
103 acl blacklist_path urlpath_regex ^/zecmd/
105 http_access allow osmtile_sites whitelist_path
106 http_access deny blacklist_path
108 acl requestMethodGet method GET
110 http_access allow osmtile_sites requestMethodGet
112 acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$
113 cache deny osmtile_sites osmtile_nocache_url
115 <% node[:tilecache][:tile_siblings].each do |sibling| -%>
116 cache_peer <%= sibling %> sibling 3128 3130 weight=1500
119 cache_peer <%= node[:tilecache][:tile_parent] %> parent 80 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000
120 cache_peer_access osmtileAccel allow osmtile_sites
123 <% @renders.each do |renders| -%>
124 cache_peer <%= renders[:hostname] %>.render.openstreetmap.org parent 80 0 no-query originserver name=osmtileAccelBackup<%= renders[:hostname] %> login=PASS connect-timeout=60 no-digest weight=10
125 cache_peer_access osmtileAccelBackup<%= renders[:hostname] %> allow osmtile_sites
128 #----------------------------------
129 #Create an unlimited pool for cache IP addresses
130 acl pool_unlimited src 127.0.0.1
131 <% @caches.each do |cache| -%>
132 <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
133 acl pool_unlimited src <%= address %>
134 acl tile_caches src <%= address %>
138 # Juno Minsk office - me@komzpa.net
139 acl pool_unlimited src 212.98.173.54
141 #Allow tile_caches ICP access
142 icp_access allow tile_caches
144 <% (0..127).each do |i| -%>
145 acl pool_<%= sprintf("%03d", 2*i) %> src <%= 2*i %>.0.0.0/7
149 delay_initial_bucket_level 25
151 <% (1..256).each do |i| -%>
152 delay_class <%= i %> 3
155 # xxxxxxx- -------- xxxxxxxx xxxxxxxx
157 # small pools for !has_referer && is_browser - designed to slow down anyone
158 # using no-referer to bypass blocks due to abusive levels of use.
159 <% (0..127).each do |i| -%>
160 delay_access <%= i+1 %> allow pool_<%= sprintf("%03d", 2*i) %> !pool_unlimited is_fake_browser osmtile_sites
161 delay_access <%= i+1 %> allow pool_<%= sprintf("%03d", 2*i) %> !pool_unlimited !has_referer is_browser osmtile_sites
162 delay_access <%= i+1 %> deny all
163 delay_parameters <%= i+1 %> -1/-1 <%= node[:tilecache][:net_bucket_refill] / 10 %>/<%= node[:tilecache][:net_bucket_size] / 10 %> <%= node[:tilecache][:ip_bucket_refill] / 10 %>/<%= node[:tilecache][:ip_bucket_size] / 10 %>
166 # bigger pools for users providing a referer (assuming it's not blocked)
167 # or non-browser users.
168 <% (0..127).each do |i| %>
169 delay_access <%= i+129 %> allow pool_<%= sprintf("%03d", 2*i) %> !pool_unlimited osmtile_sites
170 delay_access <%= i+129 %> deny all
171 delay_parameters <%= i+129 %> -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %>
174 #----------------------------------
projects / chef.git / blob