/denytor

Application "denytor" creates istio authorization policy to deny TOR exit nodes

Primary LanguageGoApache License 2.0Apache-2.0

denytor

This application creates istio authorization policy to deny TOR exit nodes.

URL to get IP list

By default URL "https://check.torproject.org/torbulkexitlist" is used.

Other URL's which respond content-type "text/plain" are supported as well.

Installation istio behind http proxy LB

This application is intended to be scheduled in kubernetes using a cronjob which keep TOR exit nodes IP list up-to-date.

Go to directory [ deploy ] and apply commands bellow:

kubectl apply -f rbac/
kubectl apply -f cronjob-http-proxy-lb/

Installation istio behind passthrough LB

This application is intended to be scheduled in kubernetes using a cronjob which keep TOR exit nodes IP list up-to-date.

Go to directory [ deploy ] and apply commands bellow:

kubectl apply -f rbac/
kubectl apply -f cronjob-passthrough-lb/