From 643919a8a61515129716f9410fe3a13a52893abd Mon Sep 17 00:00:00 2001 From: Sarah Hoffmann Date: Fri, 24 Apr 2020 22:42:23 +0200 Subject: [PATCH] nominatim: fix limit key for request limiting --- .../nominatim/templates/default/nginx.erb | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb index ee1f4a070..07ff0a52e 100644 --- a/cookbooks/nominatim/templates/default/nginx.erb +++ b/cookbooks/nominatim/templates/default/nginx.erb @@ -17,23 +17,23 @@ upstream nominatim_service { } # Whitelisted IPs -geo $limit { - default 1; - 2001:978:2:2c::172:6 0; - 2001:978:2:2c::172:7 0; - 2001:978:2:2c::172:8 0; - 2001:978:2:2c::172:b 0; - 2001:978:2:2c::172:c 0; - 2001:978:2:2c::172:d 0; - 130.117.76.6 0; - 130.117.76.7 0; - 130.117.76.8 0; - 89.16.162.21 0; - 89.16.162.22 0; - 46.235.224.148 0; - 209.132.180.180 0; - 209.132.180.168 0; - 8.43.85.23 0; # gnome +geo $whitelisted { + default 0; + 2001:978:2:2c::172:6 1; + 2001:978:2:2c::172:7 1; + 2001:978:2:2c::172:8 1; + 2001:978:2:2c::172:b 1; + 2001:978:2:2c::172:c 1; + 2001:978:2:2c::172:d 1; + 130.117.76.6 1; + 130.117.76.7 1; + 130.117.76.8 1; + 89.16.162.21 1; + 89.16.162.22 1; + 46.235.224.148 1; + 209.132.180.180 1; + 209.132.180.168 1; + 8.43.85.23 1; # gnome } map $http_user_agent $blocked_user_agent { @@ -46,9 +46,9 @@ map $http_referer $blocked_referrer { include <%= @confdir %>/nginx_blocked_referrer.conf; } -map $limit $limit_key { - 0 ""; - 1 $binary_remote_addr; +map $whitelisted $limit_www { + 1 ""; + 0 $binary_remote_addr; } map $blocked_user_agent $limit_tarpit { @@ -57,7 +57,7 @@ map $blocked_user_agent $limit_tarpit { 2 $binary_remote_addr; } -limit_req_zone $limit zone=www:50m rate=2r/s; +limit_req_zone $limit_www zone=www:50m rate=2r/s; limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s; limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m; -- 2.45.1