From: Sarah Hoffmann <lonvia@denofr.de>
Date: Wed, 7 Feb 2018 20:39:04 +0000 (+0100)
Subject: nominatim: reinstate fail2ban on restricted_ips.log
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/9be289f6ca62466cd80a1ee4cf8a7c819b3831b8?hp=51a6087726de83e667061b3a97194e94ea130779

nominatim: reinstate fail2ban on restricted_ips.log

This file is smaller so that fail2ban hopefully can handle it.
---

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 05227bb46..d667db3cf 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -370,6 +370,19 @@ template "/etc/logrotate.d/apache2" do
   mode 0o644
 end
 
+include_recipe "fail2ban"
+
+fail2ban_filter "nominatim" do
+  failregex "Warning ignored: <HOST>"
+end
+
+fail2ban_jail "nominatim" do
+  filter "nominatim"
+  logpath "#{node[:nominatim][:logdir]}/restricted_ips.log"
+  ports [80, 443]
+  maxretry 3
+end
+
 munin_plugin_conf "nominatim" do
   template "munin.erb"
   variables :db => node[:nominatim][:dbname],