Re: ietf.org unaccessible for Tor users

On Mar 15, 2016, at 13:05, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:

Hi Phillip!

Yes, I actually think it's more simple even than you describe:

Sln2: Can Cloudflare adjust their CAPTCHA scheme so that it only
queries users if an attack is actually in progress?

Question: Is this what they do already? Was the CAPTCHA showing up
because of a dumb blacklist or was it showing up because the IP was on
a blacklist AND that IP was currently performing a DDoS AND that DDoS
was aimed at ietf.org?

I suspect IETF use is atypical where Tor is concerned. Most sites
probably just want to shut Tor exit nodes out.

Cloudflare recently posted this:


Why might a Tor visitor be blocked or challenged? 

Due to the behavior of some individuals using the Tor network (spammers, distributors of malware, attackers, etc.), the IP addresses of Tor exit nodes may earn a bad reputation, elevating their CloudFlare threat score. Our basic protection level issues CAPTCHA-based challenges to visitors whose IP address has a high threat score, depending on the level chosen by the CloudFlare customer. The choices for security range from Essentially Off to I'm Under Attack. The default level is Medium.

What additional control do CloudFlare customers have over traffic from visitors using Tor?

Since late February 2016, CloudFlare treats Tor exit nodes as a "country" of their own. There's no geography associated with these IPs, but this approach lets CloudFlare customers override the default CloudFlare threat score to define the experience for their Tor visitors.

CloudFlare updates its list of Tor exit node IP addresses every 15 minutes.

Control is in the Access Rules section of the Firewall app.

If I read it/the rest of the post rightly, it appears that Cloudflare customers (IETF?) can nowadays flip a switch which whitelists Tor whilst still providing all the other protections that Cloudflare provide.

Basically it appears that all IETF need to do is decide whether people accessing the IETF website over Tor constitutes a threat, and modify control panel settings accordingly?

    -a

