[tor-relays] drop in bandwith - because of fail2ban rule?

tor at viisauksena.de tor at viisauksena.de
Mon Feb 23 17:13:09 UTC 2015


hi

i am wondering , because i constantly becoming less and less traffic / 
or given Bandwidth for a Tor exit relay with a bunch of flags ..
the exit is on a debian, vserver with quit a lot of machine power 
behind,
has it own IPv4 and there is also enough bandwidth (i checked this 
regulary with speedtests or fake downloads of whatever distros)
https://atlas.torproject.org/#details/2AC2306BD625A9DD75532886842C268C3CDBBC9C

i didnt change anything in configuration, beside one small thing
after getting dozens of apache errorcode 504 port 80 and 443 to the 
Tor-IPv4.. and so i startet to make a fail2ban rule,
because this doesnt make sense, also this comes often from a variety aof 
IPv4 en block from russia, china, korea (mostly) - so i optet for 
fail2ban more than ignoring these errors.

This is the only thing i could imagine which connects to the network 
drop (ok some internet police whitehat watchers argue there is bad 
traffic here and than .. but this is "normal" i guessed for tor-exit)
So i turned my rule of some 2-3 days, to see if this makes the drop in 
bandwidth - no effect. So i restartet back the fail2ban rule.

So my question - tor hides in port 80 / 443 traffic - is this what i 
mistakingly block / or interfere .. or how this drop from near 14 Mb to 
1,9 Mb is explainable? (while normal traffic on server goes well)

thx, viisauksena


(for completeness example of logoutput and fail2ban-regex )
# basicly i want to stop these lines
# default-178_254_XXXXXX:443 104.245.96.249 - - [10/Feb/2015:16:52:07 
+0100] "GET /" 400 549 "-" "-"

[Definition]
failregex = [^ ]+ <HOST>.*"GET /" 400 5[0-9][0-9]




More information about the tor-relays mailing list