1 |
You have to configure it to block all tor proxies. I don't own any servers |
2 |
but that seems like the most logical thing to do. |
3 |
|
4 |
On Sat, Jun 6, 2015, 09:12 Stroller <stroller@××××××××××××××××××.uk> wrote: |
5 |
|
6 |
> |
7 |
> On Sat, 6 June 2015, at 12:04 pm, Jarry <mr.jarry@×××××.com> wrote: |
8 |
> > |
9 |
> > … (ip-lookup of source addresses always points |
10 |
> > to tor-exit.watever). How can I block this tor-traffic completely? |
11 |
> > |
12 |
> > How can I feed this list to iptables? Is there some ready-to-use |
13 |
> > solution, or do I have to parse this list through some script |
14 |
> > I have to write first? |
15 |
> |
16 |
> I would have thought you could just have the webserver deny access to the |
17 |
> tor-exit.watever domain. |
18 |
> |
19 |
> For Apache, ctrl-f "domain" on this page: |
20 |
> http://httpd.apache.org/docs/2.2/howto/access.html |
21 |
> |
22 |
> NB: if you google "how to block tor", DNS based denial seems to be the |
23 |
> recommended solution: |
24 |
> |
25 |
> https://www.torproject.org/docs/faq-abuse.html.en#Bans |
26 |
> https://www.torproject.org/projects/tordnsel.html.en |
27 |
> |
28 |
> If you wanted to run a daily "add to iptables script" then you could |
29 |
> extract those IPs with: |
30 |
> |
31 |
> curl https://check.torproject.org/exit-addresses | grep ExitAddress | |
32 |
> cut -d ' ' -f 2 |
33 |
> |
34 |
> This is a bit primitive, but you can see it works. |
35 |
> |
36 |
> Stroller. |
37 |
> |
38 |
> |
39 |
> |