TorBlockRedirect

package module
v0.1.3
Warning

This package is not in the latest version of its module.
Published: Mar 8, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

README

TorBlockRedirect

TorBlockRedirect is a Traefik plugin that can block requests originating from the Tor network. The publicly available list of Tor exit nodes (https://check.torproject.org/exit-addresses) is fetched regularly to identify requests to block. The plugin also supports redirecting requests from Tor users to an onion site if the RedirectHostname configuration is set. Additionally, the plugin now supports both IPv4 and IPv6 address blocking.

Configuration

Requirements:

  • Traefik >= v2.5.5

Static

For each plugin, the Traefik static configuration must define the module name (as is usual for Go packages).

The following declaration (given here in YAML) defines a plugin:

# Static configuration
pilot:
  token: xxxxx

experimental:
  plugins:
    torblockredirect:
      moduleName: github.com/PaulLeRoux142/TorBlockRedirect
      version: v0.1.3

Here is an example of a file provider dynamic configuration (given here in YAML), where the interesting part is the http.middlewares section:

# Dynamic configuration

http:
  routers:
    my-router:
      rule: host(`demo.localhost`)
      service: service-foo
      entryPoints:
        - web
      middlewares:
        - my-middleware

  services:
    service-foo:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:5000
  
  middlewares:
    my-middleware:
      plugin:
        torblockredirect:
          enabled: true # default 'true'
#          UpdateIntervalSeconds: 3600 # default '3600'
          RedirectProtocol: "http://" # default 'http://'
          RedirectHostname: "youroniondomain.onion" # default ''
#          RedirectSavePath: true # default 'true'
#          AddressListURL: "https://www.dan.me.uk/torlist/?exit" # default 'https://check.torproject.org/exit-addresses'
#          ForwardedHeadersCustomName: "CF_CONNECTING_IP" # default 'X-Forwarded-For'

Local Mode

Traefik also offers a developer mode that can be used for temporary testing or offline usage of plugins not hosted on GitHub. To use a plugin in local mode, the Traefik static configuration must define the module name (as is usual for Go packages) and a path to a Go workspace, which can be the local GOPATH or any directory.

The plugins must be placed in ./plugins-local directory, which should be next to the Traefik binary. The source code of the plugin should be organized as follows:

./plugins-local/
    └── src
        └── github.com
            └── PaulLeRoux142
                └── TorBlockRedirect
                    ├── .golangci.toml
                    ├── .traefik.yml
                    ├── go.mod
                    ├── go.sum
                    ├── LICENSE
                    ├── Makefile
                    ├── netaddr.go
                    ├── README.md
                    ├── torblockredirect_test.go
                    ├── torblockredirect.go
                    └── examples
                        └── docker-compose.yml

# Static configuration
pilot:
  token: xxxxx

experimental:
  localPlugins:
    torblockredirect:
      moduleName: github.com/PaulLeRoux142/TorBlockRedirect

(In the above example, the TorBlockRedirect plugin will be loaded from the path ./plugins-local/src/github.com/PaulLeRoux142/TorBlockRedirect)

# Dynamic configuration

http:
  routers:
    my-router:
      rule: host(`demo.localhost`)
      service: service-foo
      entryPoints:
        - web
      middlewares:
        - my-middleware

  services:
    service-foo:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:5000
  
  middlewares:
    my-middleware:
      plugin:
        torblockredirect:
          enabled: true # default 'true'
#          UpdateIntervalSeconds: 3600 # default '3600'
          RedirectProtocol: "http://" # default 'http://'
          RedirectHostname: "youroniondomain.onion" # default ''
#          RedirectSavePath: true # default 'true'
#          AddressListURL: "https://www.dan.me.uk/torlist/?exit" # default 'https://check.torproject.org/exit-addresses'
#          ForwardedHeadersCustomName: "CF_CONNECTING_IP" # default 'X-Forwarded-For'

Features

  • Block Tor Requests: The plugin blocks incoming requests from the Tor network.
  • Redirect to Onion Site: If the RedirectHostname configuration is set, requests from Tor users will be redirected to this .onion site.
  • IPv6 Support: The plugin now supports both IPv4 and IPv6 addresses when identifying and blocking Tor exit node IPs.
  • Save Original URL Path: The plugin allows saving the original request URL path when redirecting Tor users to the .onion site, if RedirectSavePath is set to true.

Examples

You can also see a working example docker-compose.yml in the examples directory, which loads the plugin in local mode.

./examples/docker-compose.yml

Plugin Configuration

The plugin supports the following configuration options:

  • enabled: Enables or disables the plugin. Default is true.
  • RedirectProtocol: The protocol (http/https) to use when redirecting. Default is http://.
  • RedirectHostname: If set, requests from Tor users will be redirected to this .onion site.
  • RedirectSavePath: If set to true, the plugin will save the original request path in the redirect URL. Default is true.
  • UpdateIntervalSeconds: Interval in seconds for updating the list of blocked Tor exit nodes. Default is 3600 (1 hour).
  • AddressListURL: URL to fetch the list of Tor exit nodes. Default is https://check.torproject.org/exit-addresses.
  • ForwardedHeadersCustomName: Header name for the forwarded client IP address. Default is X-Forwarded-For.
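
How a list fetched from AddressListURL can be turned into a lookup set that covers both IPv4 and IPv6, as an added example that is not the plugin's own code (the plugin uses its own IPv4Set and IPv6Set types). The names parseExitList, isExit and sample are hypothetical, the sample data is constructed, and the input is assumed to be either the default list's "ExitAddress <ip> <date> <time>" lines or a plain one-address-per-line list.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// parseExitList accepts the check.torproject.org format
// ("ExitAddress <ip> <date> <time>") or a plain one-address-per-line list.
func parseExitList(body string) map[netip.Addr]struct{} {
	set := make(map[netip.Addr]struct{})
	for _, line := range strings.Split(body, "\n") {
		candidate := strings.TrimPrefix(strings.TrimSpace(line), "ExitAddress ")
		candidate, _, _ = strings.Cut(candidate, " ")
		// ExitNode/Published/LastStatus lines fail to parse and are skipped.
		if addr, err := netip.ParseAddr(candidate); err == nil {
			set[addr.Unmap()] = struct{}{}
		}
	}
	return set
}

// isExit folds IPv4-mapped IPv6 (::ffff:a.b.c.d) onto IPv4 via Unmap, so
// either spelling of a client address matches the same list entry.
func isExit(set map[netip.Addr]struct{}, ip string) bool {
	addr, err := netip.ParseAddr(strings.TrimSpace(ip))
	if err != nil {
		return false // unparseable input is treated as "not an exit"
	}
	_, ok := set[addr.Unmap()]
	return ok
}

// Constructed sample (documentation address ranges, not real exit nodes).
const sample = `ExitNode 0000000000000000000000000000000000000000
Published 2025-03-08 00:00:00
ExitAddress 192.0.2.10 2025-03-08 01:02:03
ExitAddress 2001:db8::1 2025-03-08 01:02:03
198.51.100.7`

func main() {
	set := parseExitList(sample)
	for _, ip := range []string{"192.0.2.10", "::ffff:192.0.2.10", "2001:db8:0:0::1", "203.0.113.5"} {
		fmt.Printf("%-20s exit=%v\n", ip, isExit(set, ip))
	}
}
```

Storing parsed addresses rather than strings is what makes differently written forms of the same IPv6 address compare equal.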

Example configuration for RedirectHostname:

torblockredirect:
  enabled: true
  RedirectHostname: "youroniondomain.onion"

Documentation

Overview

Package TorBlockRedirect implements a Traefik plugin for blocking requests from the Tor network.

Functions

func New

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)

New creates and initializes a new instance of the TorBlock plugin.

Types

type Config

type Config struct {
	Enabled                    bool
	AddressListURL             string
	UpdateIntervalSeconds      int
	RedirectProtocol           string
	RedirectHostname           string
	RedirectSavePath           bool
	ForwardedHeadersCustomName string
}

Config holds the configuration for the plugin.

func CreateConfig

func CreateConfig() *Config

CreateConfig initializes the default configuration for the plugin.

type IPv4

type IPv4 struct {
	// contains filtered or unexported fields
}

IPv4 is a comparable representation of a 32bit IPv4 address.

func CreateIPv4

func CreateIPv4(a, b, c, d uint8) IPv4

CreateIPv4 returns the IPv4 of the address a.b.c.d.

func ParseIPv4

func ParseIPv4(s string) (IPv4, error)

ParseIPv4 parses s as an IPv4 address, returning the result or an error.

type IPv4Set

type IPv4Set struct {
	// contains filtered or unexported fields
}

IPv4Set contains a set of IPv4 addresses.

func CreateIPv4Set

func CreateIPv4Set() *IPv4Set

CreateIPv4Set creates a new empty IPv4Set.

func (*IPv4Set) AddIPv4

func (s *IPv4Set) AddIPv4(ip IPv4)

AddIPv4 appends a new IPv4 to the set.

func (*IPv4Set) AddIPv4Set added in v0.1.3

func (s *IPv4Set) AddIPv4Set(other *IPv4Set)

AddIPv4Set adds all IP addresses from another IPv4Set to the current set.

func (*IPv4Set) ContainsIPv4

func (s *IPv4Set) ContainsIPv4(ip IPv4) bool

ContainsIPv4 checks for an existing IPv4 within the set.

type IPv6

type IPv6 struct {
	// contains filtered or unexported fields
}

IPv6 is a comparable representation of an IPv6 address.

func CreateIPv6

func CreateIPv6(addr [16]byte) IPv6

CreateIPv6 returns the IPv6 for the address given as a 16-byte array.

func ParseIPv6

func ParseIPv6(s string) (IPv6, error)

ParseIPv6 parses s as an IPv6 address, returning the result or an error.

type IPv6Set

type IPv6Set struct {
	// contains filtered or unexported fields
}

IPv6Set contains a set of IPv6 addresses.

func CreateIPv6Set

func CreateIPv6Set() *IPv6Set

CreateIPv6Set creates a new empty IPv6Set.

func (*IPv6Set) AddIPv6

func (s *IPv6Set) AddIPv6(ip IPv6)

AddIPv6 appends a new IPv6 to the set.

func (*IPv6Set) AddIPv6Set added in v0.1.3

func (s *IPv6Set) AddIPv6Set(other *IPv6Set)

AddIPv6Set adds all IP addresses from another IPv6Set to the current set.

func (*IPv6Set) ContainsIPv6

func (s *IPv6Set) ContainsIPv6(ip IPv6) bool

ContainsIPv6 checks for an existing IPv6 within the set.

type TorBlock

type TorBlock struct {
	ForwardedHeadersCustomName string
	// contains filtered or unexported fields
}

TorBlock represents the main structure of the plugin.

func (*TorBlock) ServeHTTP

func (a *TorBlock) ServeHTTP(rw http.ResponseWriter, req *http.Request)

ServeHTTP processes each incoming request that passes through the plugin.

func (*TorBlock) UpdateBlockedIPs

func (a *TorBlock) UpdateBlockedIPs()

UpdateBlockedIPs fetches the list of blocked IPs from the addressListURL and updates the blocked IP sets.

func (*TorBlock) UpdateWorker

func (a *TorBlock) UpdateWorker()

UpdateWorker periodically updates the list of blocked IPs according to the update interval.
