On Mon, Dec 17, 2018 at 11:40:05PM +0000, gerard@bulger.co.uk wrote:
> I always blocked the obvious abuse ports, but for reasons I do not know, blocking port 80 except to a few subnets abolished complaints about my exits. I widened the number of subnets and complaints started again, so I put restrictions back.
> 443 wide open, along with a very wide range of ports and most high numbers. I am puzzled that port 80 attracts the abuse complaints. Is it because the port 80 traffic is more easily read by agencies sniffing for bad things and copyright infringements?
One plausible explanation would be that when you blocked too much of port 80, you lost the Exit flag, which caused most clients to not consider you as suitable for use in the third hop of their circuit.
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2564
That is, by closing down your exit policy so much, you signaled to clients that they shouldn't try using you as their exit, so most of them didn't.
(You might still see a few exit requests anyway, since clients with a stream request for port 443 would still consider you a legit option if they don't have an available circuit. But when they're making preemptive circuits, they would skip over you because you don't seem like the sort of relay that's likely to be able to satisfy whatever their future requests will be.)
--Roger
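
An added example, not part of the original message and not Tor's own code: a simplified IPv4-only check of whether a descriptor-style exit policy still meets dir-spec's Exit flag criterion (exits allowed to at least one /8 on each of ports 80 and 443). The two policies are constructed samples, the function names are hypothetical, and a policy is assumed to end with an explicit catch-all rule.

```python
import ipaddress

# Constructed sample policies (first matching rule wins).
NARROW_80 = ["accept 198.51.100.0/24:80", "accept 203.0.113.0/24:80",
             "reject *:80", "accept *:443", "accept *:1024-65535", "reject *:*"]
OPEN_80 = ["reject *:25", "accept *:80", "accept *:443", "reject *:*"]


def parse_policy(lines):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines into rule tuples."""
    rules = []
    for line in lines:
        action, target = line.split()
        addr, _, ports = target.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr)
        lo, _, hi = ("1-65535" if ports == "*" else ports).partition("-")
        rules.append((action, net, int(lo), int(hi or lo)))
    return rules


def slash8_allowed(rules, block, port):
    """True if every address in the /8 `block` is accepted on `port`."""
    for action, net, lo, hi in rules:
        if not lo <= port <= hi or not net.overlaps(block):
            continue
        if block.subnet_of(net):
            return action == "accept"   # rule decides the whole /8
        if action == "reject":
            return False                # part of the /8 is refused
        # Narrower accept covers only part of the /8: keep looking.
    return False  # fall-through is not modeled; treated as not allowed


def meets_exit_flag_rule(lines):
    """Check the /8-on-both-80-and-443 criterion for a policy."""
    rules = parse_policy(lines)
    blocks = [ipaddress.ip_network(f"{i}.0.0.0/8") for i in range(256)]
    return all(any(slash8_allowed(rules, b, port) for b in blocks)
               for port in (80, 443))


if __name__ == "__main__":
    for name, policy in (("NARROW_80", NARROW_80), ("OPEN_80", OPEN_80)):
        print(name, "meets Exit flag rule:", meets_exit_flag_rule(policy))
```
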