Skip to content

Whitelist Tor exit relays to allowing Tor users access your CloudFlare-protected site without CAPTCHA's

License

Notifications You must be signed in to change notification settings

torservers/cloudflare-tor-whitelister

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Automatic CloudFlare Tor Exit Whitelister

CloudFlare provides an external service to defend your site against denial of service attacks. Unfortunately Tor users are often inconvenienced by repeated requests to solve CAPTCHA's due to CloudFlare's threat scoring approach.

CloudFlare does not currently provide a means of allowing Tor visitors. Website operators should be able to take advantage of the increased stability and DoS resistance that CloudFlare provides without blocking their anonymous users.

On the [tor-talk] mailing list, Moritz Bartl proposed the idea that operators could explicitly white list Tor exit IP addresses in their control panel as a stop-gap measure to avoid blocking their users.

This script is a rough proof-of-concept which whitelist's Tor exit IP addresses via the CloudFlare REST API. Problematically CloudFlare currently enforces a maximum limit of 200 access rules per user or zone. However the top 200 Tor exit IP addresses currently represent ~95% of the exit probability. as such using this should still significantly enhance the user experience for Tor users.

All feedback and bug reports very welcome!

Installation

$ pip install cloudflare-tor-whitelister

Usage

$ cloudflare-whitelist -t 'API_TOKEN' -e 'CLOUDFLARE_EMAIL'

Your CloudFlare API token and email can also be specified in the CLOUDFLARE_API_TOKEN and CLOUDFLARE_EMAIL environment variables rather than as command line arguments. Your CloudFlare API key is listed on your My Account page.

By default the whitelist rules are applied across all zones owned by your account. If instead you would like to only whitelist on a particular domain you should specify it with the --zone option.

It is probably sufficient to run this script via cron once per day.

$ crontab -e

0 0 * * * cloudflare-whitelist -t 'API_TOKEN' -e 'CLOUDFLARE_EMAIL'

About

Whitelist Tor exit relays to allowing Tor users access your CloudFlare-protected site without CAPTCHA's

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 100.0%