Gazelle icon indicating copy to clipboard operation
Gazelle copied to clipboard
verified publisher icon OPSnet

Enable Tor detection of user IPs without plugging all exit nodes into IP ban list

Open itismadness opened this issue 7 years ago • 1 comments

There's two possible ways to detect if a given IP address is part of Tor or not. We could just generate a static list (and update it once in a while) based off using something like https://check.torproject.org/cgi-bin/TorBulkExitList.py. Alternatively, we could generate requests to https://www.torproject.org/projects/tordnsel.html.en (example NodeJS script at https://github.com/assafmo/IsTorExit), but this might involve quite a bit of overhead to do this.

In either case, after doing the check, we can catch the response of "is it tor?" into a $_SERVER variable (or within $LoggedUser) such that so long as the IP address remains constant, we don't have to re-ask that question.

itismadness avatar Nov 09 '18 21:11 itismadness

Has this been implemented?

Inserting this static IP list into an nginx blocking rule can prevent users from using Tor.

An example: https://help.dreamhost.com/hc/en-us/articles/216456127-Blocking-IPs-with-Nginx

arthur4ires avatar Feb 04 '21 17:02 arthur4ires

This was implemented.

itismadness avatar Jan 26 '24 14:01 itismadness