A couple of days ago I started seeing this in lfd.log:
Jul 8 11:00:56 svr lfd[8991]: Unable to retrieve blocklist TOR - Unable to download: 403 - Forbidden
I get the same response if I try and visit http://exitlist.torproject.org/exit-addresses from my desktop. After a little digging, I found this - https://check.torproject.org/cgi-bin/TorBulkExitList.py which asks for the ip of the server, and then provides a url to download the list. So I replaced:
TOR|86400|0|http://exitlist.torproject.org/exit-addresses
with
TOR|86400|0|https://check.torproject.org/cgi-bin/To ... xx.xxx.xxx
in the blocklist configuration. However, now this is what I get in lfd.log:
Jul 10 12:30:46 svr lfd[9387]: Unable to retrieve blocklist TOR - Unable to download: 599 - Net::SSLeay 1.49 must be installed for https support
I have Net::SSLeay 1.54 installed. Does anyone know if this means that I speficially need 1.49 or am I missing something else.
Thanks
TOR Blocklist
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: TOR Blocklist
If you change the URL to the following it should start working again (note the http:// not https:// URL):
Code: Select all
TOR|86400|0|http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1Re: TOR Blocklist
Thanks for the quick repsonse. That did the trick, I should have thought to try that before posting.
Re: TOR Blocklist
FYI, I noticed the 6.22 update says it modified the TOR URL to the one you mention, but it didn't change the url in my file. I didn't have the line active. It was commented out, so maybe that's the problem. It should of course update the URL commented or not I would think.
Re: TOR Blocklist
Same here.
For what it's worth.
2 VPS's, with Webmin, TOR url was not updated.
1 dedicated server, with DirectAdmin, TOR url was updated.
All servers have CentOS 6.4 O.S.
The dedicated server is only a week or so old. First installed version was 6.21. That might explain why it went OK on the ds and not on the VPS's. VPS's had versions before the directory structure change. (but where automatically updated on every new version.)
For what it's worth.
2 VPS's, with Webmin, TOR url was not updated.
1 dedicated server, with DirectAdmin, TOR url was updated.
All servers have CentOS 6.4 O.S.
The dedicated server is only a week or so old. First installed version was 6.21. That might explain why it went OK on the ds and not on the VPS's. VPS's had versions before the directory structure change. (but where automatically updated on every new version.)
Re: TOR Blocklist
To also clarify, mine is CentOS 6.4 cPanel 11.38.1.6 dedicated server with many previous versions of the firewall installed.
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: TOR Blocklist
The URL is only updated in new installations. You will have to modify it manually in /etc/csf.blocklists if you want to change it for existing installs.
Re: TOR Blocklist
Seems a little lacking in forethought not to update existing urls. The urls come with csf, so one would think they should be maintained by csf so when people like myself to decide to activate some more blocklists and have them immediately not work.
Re: TOR Blocklist
Also, I read the changelog for the new releases and it should mention you need to manually edit the URL if that's going to be the case rather than just:
"Modified TOR URL in /etc/csf/csf.blocklists to use:" which to me says it's modifying my url as I was expecting.
"Modified TOR URL in /etc/csf/csf.blocklists to use:" which to me says it's modifying my url as I was expecting.
Re: TOR Blocklist
I am still getting the error below even after adjusting the url in /etc/csf/csf.blocklists as advised above (i tried with and without https://)
I noticed that the non-ssl url http:// cannot be accessed because it forcibly redirects to https://
Any ideas now?
Code: Select all
Nov 21 23:33:51 myserver lfd[9284]: Unable to retrieve blocklist TOR - Unable to download: 599 - Net::SSLeay 1.49 must be installed for https supportAny ideas now?