X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/4d39febeaf6a24aaa1f672e0c9c76502f30332f1..caf459ca2a01126a9d78a5672716d846eb7a9700:/cookbooks/tilecache/templates/default/squid.conf.erb

diff --git a/cookbooks/tilecache/templates/default/squid.conf.erb b/cookbooks/tilecache/templates/default/squid.conf.erb
index 8c0cdc37e..2680bcfbb 100644
--- a/cookbooks/tilecache/templates/default/squid.conf.erb
+++ b/cookbooks/tilecache/templates/default/squid.conf.erb
@@ -23,9 +23,23 @@ acl osmtileScrapers browser MSIE.7\.0.*Windows.NT.5\.1.*2\.0\.50727.$
 acl osmtileScrapers browser MSIE.5.5
 acl osmtileScrapers browser ^LoadOSM\.exe$
 acl osmtileScrapers browser ^app_name$
-acl osmtileScrapers browser ^osmdroid$ # app using osmdroid library not setting app-specific User-Agent
+# TEMPORARY unblock of osmdroid-based apps which should be setting their unique
+# User-Agent, but aren't. Re-block on/near 2016-08-29.
+#acl osmtileScrapers browser ^osmdroid$ # app using osmdroid library not setting app-specific User-Agent
 #acl osmtileScrapers browser ^Mozilla/5\.0 \(Windows NT 5\.1\)$ # Faked User-Agent
 
+acl is_fake_browser browser Firefox\/3\.0
+acl is_fake_browser browser Firefox\/4\.0
+acl is_fake_browser browser Firefox\/5\.0
+acl is_fake_browser browser Firefox\/6\.0
+acl is_fake_browser browser Firefox\/7\.0
+acl is_fake_browser browser Firefox\/8\.0
+acl is_fake_browser browser Firefox\/9\.0
+acl is_fake_browser browser Firefox\/10\.0
+acl is_fake_browser browser Firefox\/11\.0
+acl is_fake_browser browser Firefox\/12\.0
+acl is_fake_browser browser Firefox\/13\.0
+
 http_access deny osmtile_sites osmtileScrapers
 
 acl osmtileOverusers referer_regex ^https?://pmap\.kuku\.lu/
@@ -104,22 +118,29 @@ acl pool_unlimited src 185.52.244.32/29
 #Allow tile_caches ICP access
 icp_access allow tile_caches
 
-<% (0..127).each do |i| %>
+<% (0..127).each do |i| -%>
 acl pool_<%= sprintf("%03d", 2*i) %> src <%= 2*i %>.0.0.0/7
 <% end %>
 
 delay_pools 256
 delay_initial_bucket_level 25
 
-<% (0..255).each do |i| %>
-delay_class <%= i+1 %> 3
+<% (1..256).each do |i| -%>
+delay_class <%= i %> 3
 <% end %>
 #bit mask
 # xxxxxxx- -------- xxxxxxxx xxxxxxxx
 
+# small pools for faked browsers
+<% (0..127).each do |i| -%>
+delay_access <%= i+1 %> allow pool_<%= sprintf("%03d", 2*i) %> !pool_unlimited is_fake_browser osmtile_sites
+delay_access <%= i+1 %> deny all
+delay_parameters <%= i+1 %> -1/-1 <%= node[:tilecache][:net_bucket_refill] / 30 %>/<%= node[:tilecache][:net_bucket_size] / 30 %> <%= node[:tilecache][:ip_bucket_refill] / 30 %>/<%= node[:tilecache][:ip_bucket_size] / 30 %>
+<% end %>
+
 # small pools for !has_referer && is_browser - designed to slow down anyone
 # using no-referer to bypass blocks due to abusive levels of use.
-<% (0..127).each do |i| %>
+<% (0..127).each do |i| -%>
 delay_access <%= i+1 %> allow pool_<%= sprintf("%03d", 2*i) %> !pool_unlimited !has_referer is_browser osmtile_sites
 delay_access <%= i+1 %> deny all
 delay_parameters <%= i+1 %> -1/-1 <%= node[:tilecache][:net_bucket_refill] / 10 %>/<%= node[:tilecache][:net_bucket_size] / 10 %> <%= node[:tilecache][:ip_bucket_refill] / 10 %>/<%= node[:tilecache][:ip_bucket_size] / 10 %>
@@ -128,7 +149,7 @@ delay_parameters <%= i+1 %> -1/-1 <%= node[:tilecache][:net_bucket_refill] / 10
 # bigger pools for users providing a referer (assuming it's not blocked)
 # or non-browser users.
 <% (0..127).each do |i| %>
-delay_access <%= i+129 %> allow pool_<%= sprintf("%03d", 2*i)) %> !pool_unlimited osmtile_sites
+delay_access <%= i+129 %> allow pool_<%= sprintf("%03d", 2*i) %> !pool_unlimited osmtile_sites
 delay_access <%= i+129 %> deny all
 delay_parameters <%= i+129 %> -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %>
 <% end %>