How to block TOR exit nodes from accessing your website on Apache and Nginx

If you ever want to block TOR users from your accessing website completely or block them from accessing specific file(s) / location(s) only for any reasons you may have and you’re running Nginx or Apache, hopefully this post can help you with that.

First thing first, the command used here for both Apache and Nginx were designed to be use in cron because TOR ip often change. But make sure that it’s scheduled for 1 hour at minimum to respect those that gives you free service to lookup tor ip =)

Getting a list of TOR IP Addresses

Before anything else we need to get a list of TOR IP Address, and to do that we have two options (but of course feel free to use your own source if you have one):

  • Use TOR Bulk Exit List from Torproject
  • Use an external sites that list TOR IP Address such as from

Note: website only allow you to fetch it every 1 hour only (even if you accidentally clicked it), i choose to not link to the ip address url directly because of that reason and so you have to copy the url directly

How to use CoralCDN to help reduce bandwidth usage / server resources

If you have noticed since several weeks ago (if i recall it correctly because i completely forgot since when i enabled this although it’s not really that far lol) when you visited this domain name, sometimes you’ll see request appended on (like and if you’re wondering on why there are several request made to that domain? then here in this post i’m going to explain it

So basically is a domain name used by CoralCDN (a free Content Delivery Network) that allows you (as a website owner) to utilize their CDN Service to serve your content directly from their servers. And in most case, usually CoralCDN is used by many site owners when their website that is hosted on small server / shared hosting got linked from many popular website such as Digg, Slashdot, Reddit, etc. to help them survive the effect (Check this wikipedia page for more info) … although it can be used for any other purpose as well … like for example if you host your site from your own computer that doesn’t have enough bandwidth to supply all your site visitors, or just simply want to reduce the load on your server, or perhaps just to save bandwidth :D

And so without further ado, here’s on how to use CoralCDN as your personal site saver :)

Note: This is tested on Apache Web Server 2.2, and also make sure to enable mod_rewrite and mod_headers before continuing with this process

How to redirect visitors to a temporary Maintenance Page

Ever want to redirect your site visitors to a temporary maintenace page while you’re doing some maintenance behind the scene, but you don’t know how?.

The answer to that problem is simple, as long as you have access to edit your .htaccess file (some web hosting company doesn’t allow you to edit the .htaccess file, and that’s why i tell you beforehand) :)

And here are the complete instruction :

1. Create a new html page saying that this site under maintenance or anything you like :) , and save it as maintenance.html (this is just an example, feel free to use another filename)

2. Edit your .htaccess file in your root public_html directory

Hostgator Tips : Temporarily disable ModSecurity

If you’re hosted on Hostgator or any other host that use Modsecurity to protect their web server, you might notice some problems especially if you try to post something that has forbidden words / string in it (a good example is my previous post about Hostgator SSH Access). It seems the Hostgator modsecurity filter doesn’t allow some words in my previous post, so you’ll get HTTP 406 / Not Acceptable message (if you look at the http status header manually)

So what’s the best solution without compromising your system security ? .. you can add the below lines into .htaccess to disable modsecurity when you try to post something to your blog :

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off

The above lines means : If modsecurity is found, it’ll disable the filtering function. If modsecurity not found it’ll do no harm to your server

Force WWW on your Domain / URL

Because i’ve been getting queries from search engine from someone who want his domain name always use the www version instead of non www version, i decided to post it again. Well although i’ve already write about this before, but it seems for some people they don’t know which part is the force www.

And because i’ve already explained it before, i’m not going into much detail and don’t forget to put this in your .htaccess file :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.your-domain-name\.com  [NC]
RewriteRule ^(.*)$$1 [R=301,L]

CPanel Addon Domain Redirect

So you just bought a new domain name but you don’t want to buy another webhosting plan because your current webhosting allowed you to host multiple domain under one account so you decided not to buy another hosting. Although addon domain can be set up easily, but depending on your host configuration especially if they use CPanel and didn’t change where the addondomain location should be placed (in this case the addon domain was placed as a sub-directory in your primary domain when you registered with them), you might know that you can access your addon domain name like below for an example:

And if that’s bothering you, the you can use this .htaccess code. Just make sure to place the .htaccess inside the root of your addon domain directory for example /public_html/addondomainname/.htaccess. And feel free to adjust whether you want www placed in front of your addon domain name or not (assuming that you have configured www in your DNS configuration)

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.addondomain\.com [NC]
RewriteRule ^(.*)$$1 [R=301,L]