]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/overpass/templates/default/apache.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add TOTP token enforcement to overpass
[chef.git] / cookbooks / overpass / templates / default / apache.erb
diff --git a/cookbooks/overpass/templates/default/apache.erb b/cookbooks/overpass/templates/default/apache.erb
index fbf82cf0479fe66d2a142c9aa726294974770206..fea5133feeb15448ed2450cc7aa56f0d00e772c5 100644 (file)
--- a/cookbooks/overpass/templates/default/apache.erb
+++ b/cookbooks/overpass/templates/default/apache.erb
@@ -29,6 +29,10 @@
 
         DocumentRoot <%= @directory %>
 
+        RewriteMap totp prg:/srv/query.openstreetmap.org/apache/totp-filter
+        RewriteCond "${totp:%{HTTP_COOKIE}}" "0"
+        RewriteRule ^.*$ - [F,L]
+
 <% if node[:overpass][:restricted_api] -%>
         ScriptAlias /query-features <%= @script_directory %>/interpreter
         SetEnvIf Origin "http.*(osm.org|openstreetmap.org).*" AccessControlAllowOrigin=$0
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.