How to block TOR exit nodes from accessing your website on Apache and Nginx

If you ever want to block TOR users from your accessing website completely or block them from accessing specific file(s) / location(s) only for any reasons you may have and you’re running Nginx or Apache, hopefully this post can help you with that.

First thing first, the command used here for both Apache and Nginx were designed to be use in cron because TOR ip often change. But make sure that it’s scheduled for 1 hour at minimum to respect those that gives you free service to lookup tor ip =)

Getting a list of TOR IP Addresses

Before anything else we need to get a list of TOR IP Address, and to do that we have two options (but of course feel free to use your own source if you have one):

  • Use TOR Bulk Exit List from Torproject
  • Use an external sites that list TOR IP Address such as from dan.me.uk

Note: dan.me.uk website only allow you to fetch it every 1 hour only (even if you accidentally clicked it), i choose to not link to the ip address url directly because of that reason and so you have to copy the url directly