How to block Tor exit node IP addresses

Tor exit nodes are the final point for the Tor network to connect with the internet. As Tor network traffic isn’t encrypted anymore, data being accessed can become visible to the node and possibly result in security concerns or even malicious traffic.

Azion provides the Azion IP Tor Exit Nodes network list to all users registered with Azion. This list can be used to configure a behavior using Rules Engine to block all requests coming from IPs contained in the network list.

go to network lists reference

Via Azion Console

Section titled Via Azion Console

To create a rule:

  1. Access Azion Console > Edge Firewall.
  2. Select the edge firewall in which you want to configure the rule.
  3. Click the Rules Engine tab.
  4. Click the New Rule button.
  5. Give your rule a name and, optionally, a description.
  6. In the Criteria section, select the Network variable.
  7. As a comparison operator, select matches.
  8. As an argument, select the Azion IP Tor Exit Nodes list.
  9. In the Behaviors section, select Drop (Close Without Response) from the behavior list.
  10. Click the Save button.

If your application receives a request generated from an IP that is in the list, the edge firewall will drop the request.

Via API

Section titled Via API
  1. Run the following GET request to retrieve the id of the Azion IP Tor Exit Nodes list:
Terminal window
curl --location 'https://api.azionapi.net/network_lists' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]'
  1. You’ll receive a response similar to this:
{
  "count": 1,
  "total_pages": 1,
  "schema_version": 3,
  "links": {
    "previous": null,
    "next": null
  },
  "results": [
    {
      "id": 2,
      "last_editor": "user@email.com",
      "last_modified": "2023-11-14T21:35:39.808175Z",
      "list_type": "ip_cidr",
      "name": "Azion IP Tor Exit Nodes",
      "country_list": [],
      "ip_list": [
        "192.168.0.5"
      ]
    }
  ]
}
  1. Run the following POST request in your terminal, replacing [TOKEN VALUE] with your personal token, the <edge_firewall_id> variable with your edge firewall ID, and the <network_list_id> value with the IP Tor Exit Nodes list ID:
Terminal window
curl --location 'https://api.azionapi.net/edge_firewall/<edge_firewall_id>/rules_engine' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
    "name": "Block Tor Exit Nodes",
    "is_active": true,
    "behaviors": [
        {
            "name": "drop"
        }
    ],
    "criteria": [
        [
            {
                "variable": "network",
                "operator": "is_in_list",
                "conditional": "if",
                "argument": "<network_list_id>"
            }
        ]
    ]
}'
KeyDescription
nameName of the rule
behaviorsArray that stores objects that define behaviors
criteriaArray that stores objects that define criteria

See the Azion API documentation to find out more about criteria and behavior objects.

  1. You’ll receive the following response:
{
  "results": {
    "name": "Block Tor Exit Nodes",
    "is_active": true,
    "behaviors": [
      {
        "name": "drop"
      }
    ],
    "criteria": [
      [
        {
          "variable": "network",
          "operator": "is_in_list",
          "conditional": "if",
          "argument": "2"
        }
      ]
    ],
    "last_modified": "2023-12-12T21:36:20.114073Z",
    "last_editor": "user@email.com",
    "id": 29268,
    "order": 5
  },
  "schema_version": 3
}
  1. Wait a few minutes for the changes to propagate.

If your application receives a request generated from an IP that is in the list, the edge firewall will drop the request.



Contributors