From: Grant Slater <git@firefishy.com>
Date: Tue, 17 Dec 2013 15:56:34 +0000 (+0000)
Subject: tilecache: Add path whitelist + blacklist to avoid false positive IDS @ ISP
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/51ba2f73ed38769862ce44a767ffbd954bf653f9

tilecache: Add path whitelist + blacklist to avoid false positive IDS @ ISP
---

diff --git a/cookbooks/tilecache/templates/default/squid.conf.erb b/cookbooks/tilecache/templates/default/squid.conf.erb
index 831fd60d5..205219f86 100644
--- a/cookbooks/tilecache/templates/default/squid.conf.erb
+++ b/cookbooks/tilecache/templates/default/squid.conf.erb
@@ -4,6 +4,17 @@ acl osmtiles_png urlpath_regex .png$
 #acl osmtileScrapers browser ^offlinemap\-lite
 #http_access deny osmtile_sites osmtileScrapers
 
+acl whitelist_path urlpath_regex ^/cgi-bin/(export|debug)$
+acl blacklist_path urlpath_regex ^/cgi-bin/
+acl blacklist_path urlpath_regex ^/MyAdmin/
+acl blacklist_path urlpath_regex ^/myadmin/
+acl blacklist_path urlpath_regex ^/pma/
+acl blacklist_path urlpath_regex ^/phpmyadmin/
+acl blacklist_path urlpath_regex ^/phpMyAdmin/
+
+http_access allow osmtile_sites whitelist_path
+http_access deny blacklist_path
+
 http_access allow osmtile_sites
 
 acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$