[austinheap]

What's the point in restricting this to enterprise users? I can make access rules for every other country except 'T1' on a the entry-level paid plan?

[buro9]

It's only the "country level block" bit that is limited to enterprise.

But then again, if you're using Nginx something like the following may work (gah, have not tested):

    http {
      map $http_cf_ipcountry $allow_country {
          default yes;
          T1 no;
      }
      server {
        if ($allow_country = no) {
          return 403;
        }    
      }
    }

Assumes you have enabled the GeoIP stuff, which again... I've not tested whether it sends Tor through as a country identifier... I shall ask.

Or you could do the opposite and restrict access unless someone is accessing via Tor ;)