On 10/02/2015 12:44 AM, Moritz Bartl wrote: > On 10/01/2015 08:55 PM, CJ wrote: >> I'm wondering if I could configure an exit proxy between my exit node >> and the clear net in order to deny accesses to specific URL parts, >> like "wp-login.php" and other well-known stuff. > > No, this is not possible in any useful way, sorry. You will mess with > user traffic, which is something you should never do. It will break > stuff for regular users. I strongly advise against this, and if it is > detected your relay will be blacklisted for exiting. Also, you might > open yourself to severe liability issues if you modify or influence > forwarded traffic. As an example, §512 of the US DMCA law only applies > if "[...] the transmission, routing, provision of connections, or > storage is carried out through an automatic technical process without > selection of the material by the service provider" and "the material is > transmitted through the system or network without modification of its > content" [1]. Similar passages exist in any country where I have looked > at the laws, including all of European Union through 'harmonization' of > each countries laws to meet the requirements of the respective EU > directive [2]. The relevant laws of several countries are linked in the > "Tor Exit Guidelines" (please add more countries). [3] > > What you should do instead is convince your ISP to have you listed as > the abuse contact for the IP address so you don't add to their workload. > Some ISPs have written scripts that forward abuse complaints to their > customers automatically based on custom IP addresses mentioned in the mails. > > [1] https://www.law.cornell.edu/uscode/text/17/512 > [2] > http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:En:HTML > [3] https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines >
Hello Moritz, thank you for your feedback. I'll try to convince my provider to put me as "abuse contact" so that I can handle those emails without having to make 10'000 emails (to the provider, to the "victim" and so on), but I'm pretty sure they won't: they already didn't want to deactivate their "netscan" thing that triggers alarm for nothing as well, though I already told them the IP is dedicated, running on a dedicated instance, that runs only Tor as exit… I'm pretty sure I'll have to cut this exit down, and won't be able to run a new one elsewhere :(. The proxy thing was an elegant solution, displaying a 403 error when people try to access the pages — but indeed, this can as well deny access by legit users… It's a pity seeing that many bots using Tor, and we cannot do anything against this kind of usage (well, of course, this is intended ;) ). Cheers, C. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
