On Thu, Oct 31, 2024 at 03:30:09AM +0000, Andy Smith wrote:
Looks like I could probably autogenerate an Apache ACL that lists all Tor exit nodes and bans them from posting to /mailman/accounts/signup.
$ wget -qO - 'https://www.dan.me.uk/torlist/?exit' | sed 's/^/Require not ip /' | sudo tee /etc/apache2/tor-exit-list.conf >/dev/null
# Block access to the signup form from Tor exit nodes.
<Location /mailman/accounts/signup>
    <RequireAll>
        Require all granted
        Include /etc/apache2/tor-exit-list.conf
    </RequireAll>
</Location>
Haven't worked out how to restrict it to POST method only yet, and updating the list robustly is a job for tomorrow…
On 10/31/24 04:59, Andy Smith wrote:

thanks a lot for this. as i'm facing the same problem, i took your code, hopefully filling in the missing parts correctly:
<Location /accounts/signup>
    <Limit POST PUT DELETE>
        order allow,deny
        allow from all
        Include /var/www/tor-exit-list.conf
    </Limit>
</Location>
using this script to update the list of exit-nodes:
#!/bin/sh
# Require at least one output file.
if [ $# -lt 1 ]; then
    cat >/dev/stderr <<EOF
usage: $0 <outfile> [<outfile> ...]
e.g. $0 /var/www/tor-exit-list.conf
EOF
    exit 1
fi
url='https://www.dan.me.uk/torlist/?exit'
# Download to a temporary file that is removed on exit.
outfile=$(mktemp)
trap 'rm -f "${outfile}"' EXIT INT TERM
curl -s -o "${outfile}" --fail "${url}" || exit 1
# Prefix each address with "deny from" and write the result to every outfile.
sed -e "s/^/deny from /" "${outfile}" | tee "$@" >/dev/null
(as i'm tracking /etc with etckeeper, i'd rather not write the data to the config-directory)
mfgdasr IOhannes
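
An added example, not part of either message above: the update step with every downloaded line checked before it is written into an Apache include file, so that an error page or a stray directive served in place of the list cannot end up in the configuration, and with the file replaced by rename. The function names, MIN_ENTRIES and the sample addresses are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: turn a downloaded address list into an Apache ACL safely.
MIN_ENTRIES=${MIN_ENTRIES:-3}   # assumed sanity floor; raise it for the real list

# build_acl: read one candidate address per line on stdin and print
# "Require not ip <addr>" only for lines that are plausibly an IP address.
# Fails without output when fewer than MIN_ENTRIES lines survive.
build_acl() {
    tr -d '\r' | awk -v min="$MIN_ENTRIES" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {            # dotted quad
            split($0, o, "."); ok = 1
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok) keep[n++] = $0
            next
        }
        # Loose IPv6 check: hex digits and colons only, at least two colons.
        /^[0-9A-Fa-f:]+$/ && /:.*:/ && length($0) <= 39 { keep[n++] = $0 }
        END {
            if (n + 0 < min + 0) exit 1
            for (i = 0; i < n; i++) print "Require not ip " keep[i]
        }'
}

# install_acl <target>: build the ACL from stdin into a temp file next to
# <target>, then rename it into place so Apache never sees a partial file.
install_acl() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if build_acl >"$tmp"; then
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample feed: three documentation addresses plus junk that a
# broken or hostile download could contain.
sample_list() {
    printf '%s\n' '192.0.2.10' '198.51.100.7' '2001:db8::1' \
        '<html>502 Bad Gateway</html>' 'Require all granted' '999.1.1.1' ''
}

sample_list | build_acl   # prints the three valid entries only
```

In use, the downloaded list is piped into `install_acl /etc/apache2/tor-exit-list.conf`, followed by `apachectl configtest` before Apache is reloaded.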