X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/7007a32e4f0133e7b33435746b19aa9c4de10985..2d62f5d569f1ef80d83eb6dab513159994da6660:/cookbooks/nominatim/recipes/default.rb

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 5dedfd4e7..a8009759f 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -306,6 +306,7 @@ apache_module "proxy"
 apache_module "proxy_fcgi"
 apache_module "proxy_http"
 apache_module "headers"
+apache_module "reqtimeout"
 
 service "php7.0-fpm" do
   action [:enable, :start]
@@ -352,8 +353,12 @@ end
 
 include_recipe "fail2ban"
 
+web_servers = search(:node, "recipes:web\\:\\:frontend").collect do |n| # ~FC010
+  n.ipaddresses(:role => :external)
+end.flatten
+
 fail2ban_filter "nominatim" do
-  failregex '^<HOST> - - \[\] "[^"]+" 429 '
+  failregex '^<HOST> - - \[\] "[^"]+" (408|429) '
 end
 
 fail2ban_jail "nominatim" do
@@ -361,6 +366,7 @@ fail2ban_jail "nominatim" do
   logpath "/var/log/apache2/nominatim.openstreetmap.org-access.log"
   ports [80, 443]
   maxretry 100
+  ignoreips web_servers
 end
 
 munin_plugin_conf "nominatim" do