We've had problems with users using Tor to mask their IPs and then harass users on the forum. This script generates a dynamic, top-level .htaccess file for the site that blocks all the Tor exit nodes that can access forum.fractalaudio.com on ports 80 and 443. Because this list of IPs is dynamic, changing, this script is meant to be run as a cron job every so often on the forum server.
To test the script on your OS X machine:
./htaccess-generator.rb --user $(whoami) --group staff
Once run, you should see .htaccess file on disk that has a long list of Deny IP addresses in it that were gathered from the Tor project's master exit node catalog.
To run the script on the forum server, setup a cronjob for the xenforo user that looks like this:
0 * * * * /path/to/htaccess-generator.rb --user xenforo --group xenforo --path /var/xenforo/www
This will run the script every hour and regenerate the /var/xenforo/www/.htaccess file. The file is moved in to place in a single, atomic rename() so there's never a point in time where the site is running without a top-level .htaccess file.
It's fairly generic Ruby and should run just fine with Ruby 2.0 and beyond which is the system Ruby on the Linux instance that runs the forum.
- Ian Chesal [email protected]