31 Oct
2024
31 Oct
'24
3:59 a.m.
On Thu, Oct 31, 2024 at 03:30:09AM +0000, Andy Smith wrote:
Looks like I could probably autogenerate an Apache ACL that lists all Tor exit nodes and bans them from posting to /mailman/accounts/signup.
$ wget -qO - 'https://www.dan.me.uk/torlist/?exit' | sed 's/^/Require not ip /' | sudo tee /etc/apache2/tor-exit-list.conf >/dev/null
# Block access to the signup form from Tor exit nodes.
<Location /mailman/accounts/signup>
<RequireAll>
Require all granted
Include /etc/apache2/tor-exit-list.conf
</RequireAll>
</Location>
Haven't worked out how to restrict it to POST method only yet, and updating the list robustly is a job for tomorrow…
Thanks, Andy