]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/nominatim/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use fail2ban to block nominatim abusers
[chef.git] / cookbooks / nominatim / recipes / default.rb
diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 14b1852b5ff2535b3d6c859228e3546287049dd2..df5f6618f89dcb38d35387f70998a74f4f0f7ed2 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -284,3 +284,14 @@ directory "/data/postgresql-archive" do
   mode 0700
   only_if { node[:postgresql][:settings][:defaults][:archive_mode] == "on" }
 end
   mode 0700
   only_if { node[:postgresql][:settings][:defaults][:archive_mode] == "on" }
 end
+
+fail2ban_filter "nominatim" do
+  failregex '^<HOST> - - \[[^]]+\] "[^"]+" (403|429) '
+end
+
+fail2ban_jail "nominatim" do
+  filter "nominatim"
+  logpath "/var/log/apache2/nominatim.openstreetmap.org-access.log"
+  ports [80, 443]
+  maxretry 100
+end
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.