A simple Nginx module to block access from Tor exit nodes.
- Blocks requests from Tor exit nodes
- Regularly updates the list of Tor exit nodes
- Easy to configure and integrate with Nginx
- Per-location and per-server configuration
Complete Documentation - Comprehensive guides, tutorials, and reference materials
Community Discussions - Ask questions, share experiences, and get help from the community
- Home - Overview and getting started
- Installation Guide - Step-by-step installation instructions
- Building from Source - Compile the module yourself
- Configuration Reference - Complete directive documentation
- Basic Configuration - Simple setup examples
- Advanced Configuration - Complex policies and patterns
- Context Hierarchy - Understanding configuration inheritance
- Site-Specific Blocking - Per-site configuration
- Path-Based Blocking - URL-specific rules
- Server-Wide Blocking - Global configuration
- Mixed Policies - Combining different approaches
- Module Loading - Loading and initializing the module
- Testing Procedures - Validate functionality and performance
- Troubleshooting Guide - Solve common issues
- Performance Tuning - Optimize for your environment
- Monitoring & Logging - Observability and metrics
- Development Setup - Contributing and development environment
- `src/` - Nginx module source code
- `debian/` - Packaging files (for building .deb packages)
- `conf/` - Example configuration

For detailed build instructions and installation guides, see the Building from Source and Installation Guide wiki pages.
Pre-built packages are available on the Releases page for Ubuntu 22.04/24.04/25.04 with various Nginx versions.
- Nginx installed on your system
- Nginx source code matching your installed version
- Build tools: gcc, make, wget
- Development libraries: libpcre3-dev, zlib1g-dev
You can install the prerequisites on Ubuntu/Debian:
```bash
sudo apt-get update
sudo apt-get install build-essential gcc libpcre3-dev zlib1g-dev wget
```
On CentOS/RHEL:
```bash
sudo yum groupinstall "Development Tools"
sudo yum install pcre-devel zlib-devel wget
```
1. Clone this repository:
   ```bash
   git clone https://github.com/RumenDamyanov/nginx-torblocker.git
   cd nginx-torblocker
   ```
2. Download and extract the Nginx source for your version:
   ```bash
   # Check your Nginx version first
   nginx -v
   # Download matching source (example for 1.26.0)
   wget https://nginx.org/download/nginx-1.26.0.tar.gz
   tar xzf nginx-1.26.0.tar.gz
   cd nginx-1.26.0
   ```
3. Configure and build the module:
   ```bash
   # Configure Nginx with the module
   ./configure --add-dynamic-module=../src
   # Build only the modules (not full Nginx)
   make modules
   ```
4. Install the module:
   ```bash
   # Copy to your Nginx modules directory
   sudo cp objs/ngx_http_torblocker_module.so /usr/lib/nginx/modules/
   # Or to a custom location
   sudo cp objs/ngx_http_torblocker_module.so /etc/nginx/modules/
   ```
Add to the top of your `nginx.conf`:
```nginx
load_module modules/ngx_http_torblocker_module.so;
```
See `conf/test.conf` for a full example. Basic usage:
```nginx
http {
    torblock on;
}
```
For complete configuration details, see the Configuration Reference wiki page.
Directive | Context | Default | Description |
---|---|---|---|
`torblock` | http, server, location | `off` | Enable/disable Tor blocking |
`torblock_list_url` | http, server, location | Auto-detected | URL for Tor exit node list |
`torblock_update_interval` | http, server, location | `3600000` | Update interval in milliseconds (1 hour) |
The module supports configuration at three levels with inheritance:
- HTTP context: Global default for all servers
- Server context: Per virtual host settings
- Location context: Per URL path settings
Child contexts inherit from parent contexts, and more specific settings override general ones.
Learn more about Context Hierarchy in the wiki.
For advanced configuration examples, see the Advanced Configuration wiki page.
```nginx
http {
    # Enable globally with defaults
    torblock on;
}
```
```nginx
http {
    # Configure custom settings
    torblock on;
    torblock_list_url "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$remote_addr";
    torblock_update_interval 600000;  # 10 minutes

    # Per-server configuration
    server {
        torblock off;  # Disable for specific server

        # Per-location configuration
        location /api {
            torblock on;  # Re-enable for specific location
        }
    }
}
```
```nginx
http {
    torblock on;

    # Allow specific IP even if it's a Tor exit node
    geo $allow_tor {
        default 0;
        192.168.1.100 1;
    }

    server {
        if ($allow_tor) {
            set $torblock "off";
        }
    }
}
```
You can enable or disable the module at different levels for flexible access control. For example:
```nginx
http {
    torblock off;  # Default: allow Tor everywhere

    # Enable Tor blocking only for a specific vhost
    server {
        server_name sensitive.example.com;
        torblock on;  # Block Tor for this vhost

        # But allow Tor for a specific location (e.g., public API)
        location /public-api {
            torblock off;
        }
    }

    # Another vhost with default (Tor allowed)
    server {
        server_name open.example.com;
        # torblock remains off
    }
}
```
Use case:
- This setup is helpful if you want to block Tor for sensitive parts of your site (e.g., admin panels or private content) but allow Tor users to access public APIs or open resources. You can also have some vhosts open to Tor and others protected, all in the same Nginx instance.
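One way to check that a mixed policy like this behaves as intended is to cross-check the protected vhost's access log against the exit list. The script below is an added example, not part of the nginx-torblocker project: the function names, log lines and addresses are constructed, the combined log format is assumed, and because this page does not state which status a blocked request receives, any status below 400 is treated as "served".

```sh
#!/bin/sh
# Constructed sample data (documentation-range addresses, not real exit nodes).
EXIT_LIST='# constructed exit list: one IPv4 address per line
203.0.113.7
198.51.100.23'

# Constructed access log for sensitive.example.com (combined log format assumed).
ACCESS_LOG='203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /admin/ HTTP/1.1" 403 153 "-" "curl/8.5.0"
203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /public-api/status HTTP/1.1" 200 42 "-" "curl/8.5.0"
198.51.100.23 - - [01/Jan/2025:10:01:00 +0000] "GET /account HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2025:10:02:00 +0000] "GET /account HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'

# audit_tor_policy EXIT_LIST_FILE ACCESS_LOG_FILE EXEMPT_PREFIX
# Prints "ip path status" for every request from a listed exit node that fell
# outside EXEMPT_PREFIX and was still answered with a status below 400.
audit_tor_policy() {
    awk -v exempt="$3" '
        FILENAME == ARGV[1] {                 # first file: the exit list
            sub(/\r$/, "")                    # tolerate CRLF line endings
            if ($0 !~ /^#/ && $1 != "") exits[$1] = 1
            next
        }
        # Second file: $1 = client IP, $7 = request path, $9 = status.
        # index() == 1 mirrors the prefix match of "location /public-api".
        ($1 in exits) && index($7, exempt) != 1 && $9 ~ /^[0-9]+$/ && $9 + 0 < 400 {
            print $1, $7, $9
        }
    ' "$1" "$2"
}

# Run the audit over the constructed samples above.
demo_audit() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$EXIT_LIST" > "$dir/exits"
    printf '%s\n' "$ACCESS_LOG" > "$dir/access.log"
    audit_tor_policy "$dir/exits" "$dir/access.log" /public-api
    rm -rf "$dir"
}

demo_audit
```

Any line printed is an exit-node request that reached protected content; the blocked `/admin/` request and the exempt `/public-api` request are not reported.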
For comprehensive troubleshooting guides, see:
- Troubleshooting Guide - Detailed diagnostic procedures and solutions
- Testing Procedures - Validate your configuration and performance
- Performance Tuning - Optimize for your environment

Need help? Visit our Community Discussions to ask questions and get support.
```
nginx: [emerg] dlopen() "/usr/lib/nginx/modules/ngx_http_torblocker_module.so" failed
```
Solutions:
- Ensure the module was built against the same Nginx version you're running
- Check file permissions: `chmod 644 /usr/lib/nginx/modules/ngx_http_torblocker_module.so`
- Verify the module path in your `load_module` directive
```
nginx: [emerg] unknown directive "torblock"
```
Solutions:
- Ensure the `load_module` directive is at the top of `nginx.conf` (before any `http` block)
- Verify the module file exists and is readable
- Check Nginx error logs for detailed error messages
```
nginx: [emerg] module "/usr/lib/nginx/modules/ngx_http_torblocker_module.so" version 1024000 instead of 1026000
```
Solutions:
- Rebuild the module against your exact Nginx version
- Download the Nginx source that matches your installed version (check it with `nginx -v`)
- Memory usage: The module maintains an in-memory list of Tor exit nodes
- Update frequency: Default 1-hour updates balance freshness with performance
- Request overhead: Minimal impact - simple IP lookup per request
- Concurrent requests: Module is thread-safe for multi-worker configurations
Enable debug logging in Nginx:
```nginx
error_log /var/log/nginx/debug.log debug;
```
Check for module-specific messages:
```bash
grep torblock /var/log/nginx/error.log
```
This module is inspired by a PHP script I developed over 20 years ago called AntiTor, which successfully blocked Tor access to web servers. The original script was effective but limited in scope.
The nginx-torblocker module brings this concept into the modern era with several key improvements:
- Native performance: Runs at the Nginx level instead of PHP application layer
- Granular control: Enable/disable blocking per virtual host or location
- Selective access: Allow Tor for public resources while blocking sensitive areas
- Multi-site support: Different policies for multiple sites on the same server
- Automatic updates: Keeps Tor exit node lists current without manual intervention
This refined approach allows for sophisticated access control policies that weren't possible with the original script, making it suitable for complex hosting environments where different sites may have different security requirements.
The primary distribution channel for pre-built binaries is the GitHub Releases page, which provides:
- Binary packages for Ubuntu 22.04 LTS (jammy), 24.04 LTS (noble), and 25.04 (plucky)
- Multiple architectures: amd64 and arm64
- Multiple nginx versions: Compatible with nginx 1.26.x and 1.27.x series
- Debian packages (.deb) for native installation via `dpkg`
The experimental Ubuntu PPA is no longer supported and has been discontinued. It was never an official distribution channel and proved unreliable for production use.
A self-hosted apt repository is planned to provide signed, reproducible builds without third-party hosting constraints. This repository will host multiple packages from our projects and will target:
- Ubuntu 24.04 LTS (noble) and newer versions
- Ubuntu 25.04 (plucky) and newer versions
For now, please use the official GitHub Releases or build from source.
We welcome contributions! Please see our Contributing Guide for detailed information on:
- Setting up the development environment
- Coding guidelines and best practices
- Testing procedures
- Pull request process
Please also read our Code of Conduct before participating.
Join the conversation: Use our Community Discussions to:
- Propose new features or improvements
- Share your use cases and configurations
- Get help with development setup
- Connect with other contributors and users
Security is important to us. If you discover a security vulnerability, please see our Security Policy for information on how to report it responsibly.
If you find this project useful, please consider supporting its development. See FUNDING.md for information about sponsorship and donations.
BSD License. See LICENSE.md.