From cb1701c4f006820d9759bb7db56c82b82aa4335e Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann <lonvia@denofr.de>
Date: Wed, 27 Mar 2024 11:32:23 +0100
Subject: [PATCH] nominatim: refuse to geocode IP addresses

---
 cookbooks/nominatim/templates/default/nginx.erb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 6aa07dbe1..e15099c05 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -201,6 +201,8 @@ server {
         { return 403; }
         if ($blocked_path)
         { return 403; }
+        if ($args ~* "q=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ &]")
+        { return 418; }
         include <%= @confdir %>/nginx_blocked_generic.conf;
 
         limit_req zone=www burst=10;
-- 
2.45.1