[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Exit node blocking site?

Right now you're degrading service for other Tor users that try to go to
groups.google.com, because you trick them into thinking that it resolves
to something else. Also (and you'll perhaps be more motivated by this), if
the user resolves the address into an IP first, you're not blocking that.

I have to do something, because I'm trying to minimize the abuse complaints I get.

The better answer is to change your exit policy to reflect the addresses
and ports that aren't reachable from your server. Then clients will
learn it from your descriptor and not even try to exit from you.

Unfortunately, Google dosen't seperate services by IP (notice the first one).

host groups.google.com
groups.google.com is an alias for groups.l.google.com.
groups.l.google.com has address
groups.l.google.com has address
groups.l.google.com has address

host google.com
google.com has address
google.com has address