From: Sarah Hoffmann <lonvia@denofr.de>
Date: Thu, 26 Oct 2017 14:32:34 +0000 (+0200)
Subject: remove fail2ban rules for nominatim
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/187b30dbd6dec0b999b39ca30152ab97fe851c7f?ds=sidebyside

remove fail2ban rules for nominatim

fail2ban is simply too slow to handle our amount
of traffic.
---

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 53529704c..05227bb46 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -370,24 +370,6 @@ template "/etc/logrotate.d/apache2" do
   mode 0o644
 end
 
-include_recipe "fail2ban"
-
-web_servers = search(:node, "recipes:web\\:\\:frontend").collect do |n| # ~FC010
-  n.ipaddresses(:role => :external)
-end.flatten
-
-fail2ban_filter "nominatim" do
-  failregex '^<HOST> - - \[\] "[^"]+" (408|429) '
-end
-
-fail2ban_jail "nominatim" do
-  filter "nominatim"
-  logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-access.log"
-  ports [80, 443]
-  maxretry 100
-  ignoreips web_servers
-end
-
 munin_plugin_conf "nominatim" do
   template "munin.erb"
   variables :db => node[:nominatim][:dbname],