Fractal Audio .htaccess Generator Script

We've had problems with users using Tor to mask their IPs and then harass users on the forum. This script generates a dynamic, top-level .htaccess file for the site that blocks all the Tor exit nodes that can access forum.fractalaudio.com on ports 80 and 443. Because this list of IPs is dynamic, changing, this script is meant to be run as a cron job every so often on the forum server.

Testing

To test the script on your OS X machine:

./htaccess-generator.rb --user $(whoami) --group staff

Once run, you should see .htaccess file on disk that has a long list of Deny IP addresses in it that were gathered from the Tor project's master exit node catalog.

Production

To run the script on the forum server, setup a cronjob for the xenforo user that looks like this:

0 * * * *  /path/to/htaccess-generator.rb --user xenforo --group xenforo --path /var/xenforo/www

This will run the script every hour and regenerate the /var/xenforo/www/.htaccess file. The file is moved in to place in a single, atomic rename() so there's never a point in time where the site is running without a top-level .htaccess file.

It's fairly generic Ruby and should run just fine with Ruby 2.0 and beyond which is the system Ruby on the Linux instance that runs the forum.

Authors

• Ian Chesal ian.chesal@gmail.com