'~^https?://[^.]*\.cellmapper\.net/' 1;
}
+map $http_referer $censored_referer {
+ default 0; # Not denied
+ # Legal Reasons
+ '~^https?://schiebt-sie-ab\.de/' 1;
+ '~^https?://[^.]*\.schiebt-sie-ab\.de/' 1;
+}
+
+
map $http_referer $osm_referer {
default ''; # False
'~^https:\/\/www\.openstreetmap\.org\/' 'osm'; # True
server {
# IPv4
- listen 80 deferred backlog=16384 reuseport fastopen=2048 default_server;
- listen 443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen 80 deferred backlog=16384 reuseport default_server;
+ listen 443 ssl deferred backlog=16384 reuseport http2 default_server;
# IPv6
- listen [::]:80 deferred backlog=16384 reuseport fastopen=2048 default_server;
- listen [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen [::]:80 deferred backlog=16384 reuseport default_server;
+ listen [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
server_name localhost;
proxy_buffers 8 64k;
<% end %>
# Immediately 404 silly tile requests
+ location = /0/-1/-1.png {
+ return 404;
+ }
+ location = /0/-1/0.png {
+ return 404;
+ }
+ location = /0/-1/1.png {
+ return 404;
+ }
location = /0/0/-1.png {
return 404;
}
- location = /1/0/-1.png {
+ location = /0/0/1.png {
return 404;
}
- location = /1/-1/0.png {
+ location = /0/0/2.png {
return 404;
}
- location = /1/-1/1.png {
+ location = /0/1/-1.png {
+ return 404;
+ }
+ location = /0/1/0.png {
+ return 404;
+ }
+ location = /0/1/1.png {
+ return 404;
+ }
+ location = /0/1/2.png {
+ return 404;
+ }
+ location = /0/2/0.png {
+ return 404;
+ }
+ location = /0/2/1.png {
+ return 404;
+ }
+ location = /0/2/2.png {
return 404;
}
location = /1/-1/-1.png {
return 404;
}
+ location = /1/-1/0.png {
+ return 404;
+ }
+ location = /1/-1/1.png {
+ return 404;
+ }
location = /1/-1/2.png {
return 404;
}
- location = /1/1/-1.png {
+ location = /1/0/-1.png {
return 404;
}
- location = /1/2/-1.png {
+ location = /1/1/-1.png {
return 404;
}
- location = /2/0/-1.png {
+ location = /1/2/-1.png {
return 404;
}
location = /2/-1/0.png {
location = /2/-1/1.png {
return 404;
}
+ location = /2/-1/2.png {
+ return 404;
+ }
+ location = /2/-1/3.png {
+ return 404;
+ }
+ location = /2/0/-1.png {
+ return 404;
+ }
location = /2/1/-1.png {
return 404;
}
- location = /2/-1/2.png {
+ location = /2/1/4.png {
return 404;
}
- location = /2/-1/3.png {
+ location = /2/2/4.png {
+ return 404;
+ }
+ location = /2/3/4.png {
+ return 404;
+ }
+ location = /2/4/0.png {
+ return 404;
+ }
+ location = /2/4/1.png {
+ return 404;
+ }
+ location = /2/4/2.png {
+ return 404;
+ }
+ location = /2/4/3.png {
+ return 404;
+ }
+ location = /2/4/4.png {
return 404;
}
# Replace host header.
proxy_set_header Host 'tile.openstreetmap.org';
- # Do not pass cookies to backends.
- proxy_set_header Cookie '';
- # Do not pass Accept-Encoding to backends.
- proxy_set_header Accept-Encoding '';
- # Do not pass Accept to backends.
- proxy_set_header Accept '';
- # Do not pass Accept-Language to backends as unused.
- proxy_set_header Accept-Language '';
- proxy_set_header Accept-Charset '';
- # Do not send origin, we allow all.
- proxy_set_header origin '';
- # Do not pass invalid headers to backend.
- proxy_set_header X-Forwarded-Host '';
- proxy_set_header X-Host '';
- proxy_set_header Authorization '';
- proxy_set_header Proxy-Authorization '';
-
- # Drop partial requests
- proxy_set_header range '';
+ # Drop all request headers and request body
+ proxy_pass_request_headers off;
+ proxy_pass_request_body off;
# Do not allow setting cookies from backends due to caching.
proxy_ignore_headers Set-Cookie;
return 418;
}
+ if ($censored_referer) {
+ set $limit_rate 512;
+ return 451 "Unavailable For Legal Reasons";
+ }
+
# Strip any ?query parameters from urls
set $args '';
projects / chef.git / blobdiff