Created
February 16, 2018 14:20
-
-
Save CJFWeatherhead/3b907ffc0817a1255658df2195a68a75 to your computer and use it in GitHub Desktop.
Automatically redirect Tor traffic to onion (Hopefully efficiently as the if processing isn't intensive)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##Get New Exit Node list ever 6 Hours | |
57 */6 * * * `curl https://check.torproject.org/cgi-bin/TorBulkExitList.py\?ip\=<yourip> | awk '{print $0" TOREX;"}' > /etc/nginx/includes/torexit.ips && service nginx restart` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##Create a geo region for Tor Exits | |
geo $torexit { | |
default NOEXIT; | |
include includes/torexit.ips; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##Check on every request if Tor Exit, potentially inefficient, but the geolookup is quicker than a long list of ifs. | |
if ($torexit = TOREX) { | |
rewrite ^ https://xxxxxxxxxxxxxxxxxx.onion$request_uri? permanent; | |
} |
Can you explain how this works @CJFWeatherhead?
Can you explain how this works @CJFWeatherhead?
It creates a pseudo region (as though it was a geo-location) based on Tor's public list of exit nodes, it then rewrites requests from those IP's (which we can assume are Tor) and pushes them to an associated onion address.
This is however a little redundant now, the "correct" way of doing this is to use an Alt-Svc header, advertising the .onion service, which the user can configure in Tor Browser to auto-redirect if they choose to
Thanks @CJFWeatherhead, I appreciate it. It's a good solution.
So in a way, before the alt-svc header this concept was unique and then the TBB-team implemented another client side idea to solve the same problem?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
That's really interesting; thanks, Chris - I'll look it over.