From 4acd54cbeaa45658a53217b960bed6a57caf80e1 Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann <lonvia@denofr.de>
Date: Sat, 25 Apr 2020 10:03:00 +0200
Subject: [PATCH] nominatim: add fail2ban filter for rate limited IP

---
 cookbooks/nominatim/recipes/default.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 04cedf1fe..d89891137 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -401,3 +401,12 @@ directory "#{basedir}/status" do
   group "postgres"
   mode 0o775
 end
+
+include_recipe "fail2ban"
+
+fail2ban_jail "nominatim_limit_req" do
+  filter "nginx-limit-req"
+  logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
+  ports [80, 443]
+  maxretry 5
+end
-- 
2.39.5