Archives
Archives
| From: | Stroller <stroller@××××××××××××××××××.uk> | ||
|---|---|---|---|
| To: | gentoo-user@l.g.o | ||
| Subject: | Re: [gentoo-user] How can I block incomming tor-traffic? | ||
| Date: | Sat, 06 Jun 2015 13:10:45 | ||
| Message-Id: | 54FDFC08-C1CC-487A-B8F0-28F6A8439407@stellar.eclipse.co.uk | ||
| In Reply to: | [gentoo-user] How can I block incomming tor-traffic? by Jarry |
||
| 1 | On Sat, 6 June 2015, at 12:04 pm, Jarry <mr.jarry@×××××.com> wrote: |
| 2 | > |
| 3 | > … (ip-lookup of source addresses always points |
| 4 | > to tor-exit.watever). How can I block this tor-traffic completely? |
| 5 | > |
| 6 | > How can I feed this list to iptables? Is there some ready-to-use |
| 7 | > solution, or do I have to parse this list through some script |
| 8 | > I have to write first? |
| 9 | |
| 10 | I would have thought you could just have the webserver deny access to the tor-exit.watever domain. |
| 11 | |
| 12 | For Apache, ctrl-f "domain" on this page: http://httpd.apache.org/docs/2.2/howto/access.html |
| 13 | |
| 14 | NB: if you google "how to block tor", DNS based denial seems to be the recommended solution: |
| 15 | |
| 16 | https://www.torproject.org/docs/faq-abuse.html.en#Bans |
| 17 | https://www.torproject.org/projects/tordnsel.html.en |
| 18 | |
| 19 | If you wanted to run a daily "add to iptables script" then you could extract those IPs with: |
| 20 | |
| 21 | curl https://check.torproject.org/exit-addresses | grep ExitAddress | cut -d ' ' -f 2 |
| 22 | |
| 23 | This is a bit primitive, but you can see it works. |
| 24 | |
| 25 | Stroller. |
| Subject | Author |
|---|---|
| Re: [gentoo-user] How can I block incomming tor-traffic? | Jonathan Moseley <techmo7@×××××.com> |