
Can’t get IP check code working (single rule is working, multiple not)

I need to forward all Tor users away from my page by checking their IP against Tor lists. A single check was working with IPv4, but it is not working with IPv6 and multiple-list checking. I can’t understand where I get the error. Code:

$torip = file("https://check.torproject.org/torbulkexitlist", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$torexits = file("https://lists.fissionrelays.net/tor/exits-ipv6.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$tornode = file("https://lists.fissionrelays.net/tor/relays-ipv6.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$client_ip = $_SERVER['REMOTE_ADDR'];
if (in_array($client_ip, $torip)) {
    header('Location: https://www.google.com/');
}
if (in_array($client_ip, $tornode)) {
    header('Location: https://www.google.com/');
}
if (in_array($client_ip, $torexits)) {
    header('Location: https://www.google.com/');
}

I was trying different ways, like

if(in_array($client_ip, $torip) or in_array($client_ip, $tornode) or in_array($client_ip, $torexits))

and if … elseif .. elseif

Same result: I can get in via Tor with an IP that is in the list, and I can’t understand where the problem is. Thank you to all for the help.

UPD: code part

$tornode = file("https://lists.fissionrelays.net/tor/relays-ipv6.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$client_ip = $_SERVER['REMOTE_ADDR'];
if (in_array($client_ip, $tornode)) {
    header('Location: https://www.google.com/');
    die();
}

is working 100%. Question: how do I add the other lists to the check in the right way?


Answer

A few things here…

  1. I hope you aren’t downloading those lists every time someone visits your page. You should be caching the results of the list downloads for a short time rather than constantly downloading.

  2. The only fissionrelays list you need is exits.txt. As outlined at https://fissionrelays.net/lists, exits.txt contains IPv4 & IPv6 exit nodes. Download that instead of exits-ipv6.txt and relays-ipv6.txt.

  3. It is incorrect to block Tor relays that are not exits. Hits from a relay IP are not Tor traffic. For example, I run a guard relay at home that does not allow exit traffic. Its IP appears in the relay list, but it does not permit any Tor exit traffic, so any hits from this IP are not coming from Tor.

If you want to use multiple lists, that’s fine. I would suggest the following steps to meet your needs:

1. Download & combine all lists every 10+ minutes
2. De-duplicate and sort the list
3. Save to a file
4. Write a function to search the cached file.

For 1-3, you could use https://gitlab.com/fissionrelays/lists/-/blob/master/tor.php which is a downloader provided by fission relays to download their lists. It sorts as well.

If your lists are sorted correctly, you can binary search the list for better results, but this is more advanced and not necessary.

Hint, when downloading lists, don’t use file() to download as arrays. Use file_get_contents() instead, and append each list onto the other. Once all lists are downloaded and combined, process them into an array (skipping dupes), and then sort the list.

Here’s a binary search function you can use to search the sorted list quicker.

/**
 * Perform binary search of a sorted array.
 * Credit: http://php.net/manual/en/function.array-search.php#39115
 *
 * Tested by [VigilanTor](https://wordpress.org/plugins/vigilantor/) for accuracy and efficiency
 *
 * @param string $needle String to search for
 * @param array $haystack Array to search within
 * @return boolean|number false if not found, or index if found
 */
function arrayBinarySearch($needle, $haystack)
{
    $high = count($haystack);
    $low = -1; // start below index 0 so the first element can be found

    while ($high - $low > 1) {
        // Integer midpoint; "/" would produce a float array index
        $probe = intdiv($high + $low, 2);
        if ($haystack[$probe] < $needle) {
            $low = $probe;
        } else {
            $high = $probe;
        }
    }

    if ($high == count($haystack) || $haystack[$high] != $needle) {
        return false;
    } else {
        return $high; // may be 0, so compare the result with !== false
    }
}

Additionally, make sure to call exit() after sending a header(Location) redirect since you want to terminate the request and redirect immediately without running additional PHP code.

if (in_array($needle, $haystack)) {
    header('Location: https://www.google.com/');
    exit; // Redirect now and don't run any further PHP code
}

Lastly, if you want to assume all Tor traffic is “bad”, that’s fine. Consider an error message instead of silently redirecting traffic away without explanation, which is a bad user experience. Many people use Tor for casual browsing, so you’re effectively booting these users from your site with no reason given.

User contributions licensed under: CC BY-SA
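
The four steps from the answer above as an added PHP example (not the answerer's code and not fissionrelays' tor.php). It also normalizes every address with inet_pton()/inet_ntop() so that differently written IPv6 forms compare equal; the cache path, the 600-second TTL and the exits.txt URL are assumptions.

```php
<?php // Added example, not the answerer's code.
const TOR_LIST_URLS = [
    'https://check.torproject.org/torbulkexitlist',
    'https://lists.fissionrelays.net/tor/exits.txt', // assumed URL of exits.txt
];
const TOR_CACHE_FILE = __DIR__ . '/tor-exits.cache'; // hypothetical path
const TOR_CACHE_TTL = 600;                           // assumed: 10 minutes, in seconds

/** Canonical text form of an IP, or null when the input is not an IP. */
function normalizeIp(string $ip): ?string
{
    $packed = filter_var(trim($ip), FILTER_VALIDATE_IP) ? inet_pton(trim($ip)) : false;
    if ($packed === false) {
        return null;
    }
    // Reduce IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4.
    $mapped = strlen($packed) === 16 && substr($packed, 0, 12) === str_repeat("\0", 10) . "\xff\xff";
    return inet_ntop($mapped ? substr($packed, 12) : $packed);
}

/** Steps 1-2: merge list text, drop junk and duplicates, sort as strings. */
function buildExitList(string $combined): array
{
    $ips = array_unique(array_filter(array_map('normalizeIp', preg_split('/\R/', $combined))));
    sort($ips, SORT_STRING);
    return $ips;
}

/** Step 3: re-download only when the cache file is older than the TTL. */
function loadExitList(): array
{
    if (!is_file(TOR_CACHE_FILE) || time() - filemtime(TOR_CACHE_FILE) >= TOR_CACHE_TTL) {
        $combined = '';
        foreach (TOR_LIST_URLS as $url) {
            $combined .= (string) @file_get_contents($url) . "\n";
        }
        if ($ips = buildExitList($combined)) { // keep the old cache if all downloads fail
            file_put_contents(TOR_CACHE_FILE . '.tmp', implode("\n", $ips) . "\n");
            rename(TOR_CACHE_FILE . '.tmp', TOR_CACHE_FILE); // replace in one step
        }
    }
    return @file(TOR_CACHE_FILE, FILE_IGNORE_NEW_LINES) ?: [];
}

/** Step 4: look up the visitor's normalized address in the cached list. */
function isTorExit(string $clientIp, array $ips): bool
{
    $ip = normalizeIp($clientIp);
    return $ip !== null && in_array($ip, $ips, true);
}
```

Call `isTorExit($_SERVER['REMOTE_ADDR'], loadExitList())` before any output, and follow the redirect or error page with `exit` as the answer advises. The lookup is a strict `in_array`; because the cached list is sorted with `SORT_STRING`, a `strcmp`-based binary search can replace it.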