From 5b4d331dee733d42b3a2c4aa937f6e8ba6c6d9ab Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Sun, 24 Nov 2019 20:44:36 +0000
Subject: [PATCH] tilecache: limit supported request methods

---
 cookbooks/tilecache/templates/default/nginx_tile.conf.erb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index 6e964e157..bc41ffbaf 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -105,6 +105,11 @@ server {
     # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
     ssl_early_data on;
 
+    # Only allow GET / HEAD / OPTIONS (CORS) requests
+    limit_except GET HEAD OPTIONS {
+      deny all;
+    }
+
     # Immediately 404 layers we do not support
 <% for i in 20..99 do %>
     location /<%= i %>/ {
-- 
2.43.2