tilecache: Add path whitelist + blacklist to avoid false positive IDS @ ISP
authorGrant Slater <git@firefishy.com>
Tue, 17 Dec 2013 15:56:34 +0000 (15:56 +0000)
committerGrant Slater <git@firefishy.com>
Tue, 17 Dec 2013 15:56:43 +0000 (15:56 +0000)
cookbooks/tilecache/templates/default/squid.conf.erb

index 831fd60d5351f0135a9f0a704077697003e20c4d..205219f86b4b04db2b2d02bc4b6c528519a8c0b8 100644 (file)
@@ -4,6 +4,17 @@ acl osmtiles_png urlpath_regex .png$
 #acl osmtileScrapers browser ^offlinemap\-lite
 #http_access deny osmtile_sites osmtileScrapers
 
+acl whitelist_path urlpath_regex ^/cgi-bin/(export|debug)$
+acl blacklist_path urlpath_regex ^/cgi-bin/
+acl blacklist_path urlpath_regex ^/MyAdmin/
+acl blacklist_path urlpath_regex ^/myadmin/
+acl blacklist_path urlpath_regex ^/pma/
+acl blacklist_path urlpath_regex ^/phpmyadmin/
+acl blacklist_path urlpath_regex ^/phpMyAdmin/
+
+http_access allow osmtile_sites whitelist_path
+http_access deny blacklist_path
+
 http_access allow osmtile_sites
 
 acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$
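Review bot: The `blacklist_path` entries list case variants by hand (`/MyAdmin/`, `/myadmin/`, `/phpmyadmin/`, `/phpMyAdmin/`), so a probe in any other casing, such as `/PMA/`, is not caught by `http_access deny blacklist_path` and is still forwarded upstream, which is the traffic the commit title says triggers the ISP's IDS. Squid's `-i` flag makes the match case-insensitive and collapses the list to one line: `acl blacklist_path urlpath_regex -i ^/(cgi-bin|myadmin|pma|phpmyadmin)/`. Separately, the trailing `$` in `whitelist_path` should be tested against real export requests. If `urlpath_regex` is evaluated with the query string included, as I believe it is, a request like `/cgi-bin/export?...` would miss the whitelist and be denied by the `^/cgi-bin/` rule; `^/cgi-bin/(export|debug)(\?|$)` would cover both forms. A short comment above the block, for example `# Deny common scanner probe paths at the cache so they never reach the backend (ISP IDS false positives)`, would record why these rules exist.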