How to block Tor exit node IP addresses
Tor exit nodes are the final point for the Tor network to connect with the internet. As Tor network traffic isn’t encrypted anymore, data being accessed can become visible to the node and possibly result in security concerns or even malicious traffic.
Azion provides the Azion IP Tor Exit Nodes network list to all users registered with Azion. This list can be used to configure a behavior using Rules Engine to block all requests coming from IPs contained in the network list.
Go to Network Lists referenceTo create a rule:
- Access Azion Console > Edge Firewall.
- Select the edge firewall in which you want to configure the rule.
- Click the Rules Engine tab.
- Click the + Rule button.
- Give your rule a name and, optionally, a description.
- In the Criteria section, select the
Networkvariable. - As a comparison operator, select matches.
- As an argument, select the
Azion IP Tor Exit Nodeslist. - In the Behaviors section, select Drop (Close Without Response) from the behavior list.
- Click the Save button.
If your application receives a request generated from an IP that is in the list, the edge firewall will drop the request.
To create a rule:
- Access Real-Time Manager (RTM) > Edge Firewall.
- Select the edge firewall in which you want to configure the rule.
- Click the Rules Engine tab.
- Click the New Rule button.
- Give your rule a name and, optionally, a description.
- In the Criteria section, select the
Networkvariable. - As a comparison operator, select matches.
- As an argument, select the
Azion IP Tor Exit Nodeslist. - In the Behaviors section, select Drop (Close Without Response) from the behavior list.
- Click the Save button.
If your application receives a request generated from an IP that is in the list, the edge firewall will drop the request.
- Run the following
GETrequest to retrieve theidof the Azion IP Tor Exit Nodes list:
curl --location 'https://api.azionapi.net/network_lists' \--header 'Accept: application/json; version=3' \--header 'Authorization: Token [TOKEN VALUE]'- You’ll receive a response similar to this:
{ "count": 1, "total_pages": 1, "schema_version": 3, "links": { "previous": null, "next": null }, "results": [ { "id": 2, "last_editor": "user@email.com", "last_modified": "2023-11-14T21:35:39.808175Z", "list_type": "ip_cidr", "name": "Azion IP Tor Exit Nodes", "country_list": [], "ip_list": [ "192.168.0.5" ] } ]}- Run the following
POSTrequest in your terminal, replacing[TOKEN VALUE]with your personal token, the<edge_firewall_id>variable with your edge firewall ID, and the<network_list_id>value with the IP Tor Exit Nodes list ID:
curl --location 'https://api.azionapi.net/edge_firewall/<edge_firewall_id>/rules_engine' \--header 'Accept: application/json; version=3' \--header 'Authorization: Token [TOKEN VALUE]' \--header 'Content-Type: application/json' \--data '{ "name": "Block Tor Exit Nodes", "is_active": true, "behaviors": [ { "name": "drop" } ], "criteria": [ [ { "variable": "network", "operator": "is_in_list", "conditional": "if", "argument": "<network_list_id>" } ] ]}'| Key | Description |
|---|---|
name | Name of the rule |
behaviors | Array that stores objects that define behaviors |
criteria | Array that stores objects that define criteria |
See the Azion API documentation to find out more about criteria and behavior objects.
- You’ll receive the following response:
{ "results": { "name": "Block Tor Exit Nodes", "is_active": true, "behaviors": [ { "name": "drop" } ], "criteria": [ [ { "variable": "network", "operator": "is_in_list", "conditional": "if", "argument": "2" } ] ], "last_modified": "2023-12-12T21:36:20.114073Z", "last_editor": "user@email.com", "id": 29268, "order": 5 }, "schema_version": 3}- Wait a few minutes for the changes to propagate.
If your application receives a request generated from an IP that is in the list, the edge firewall will drop the request.
Contributors
