I have subscribed to Cloudflare’s Ethereum API service and pointed my domain at it using CF nameserver. When a user tries to access the API via curl from Tor, they receive an HTML response instead of the appropriate JSON response (the
Accept header is set to
application/json so an HTML response should not be returned even on error). As most of my users are quite privacy/security conscious, I would like to allow them to connect via Tor and I’m willing to accept the risk of burning through my API request limit (which I’m currently paying for).
I can see the blocked requests in the Security Overview page. I tried adding a firewall rule to allow requests from T1 countries as both a Firewall Rule and an IP Access Rule, but I am still receiving the “Just a moment…” HTML response when I make a request.
What do I need to do to disable Tor blocking?
May I ask have you tried temporary disabling the Browser Integrity Check?
Otherwise, I wonder if the given IP address in the moment has had some bad reputation history since before.
I just tried adding a page rule to disable the browser integrity check for the domain, but that doesn’t appear to have resolved the issue. I also set the security settings to “essentially disabled” which also doesn’t seem to have helped.
Interestingly, I do see in the Firewall Events that some Tor sourced requests were “Allowed”, but that doesn’t seem to have changed behavior. Also, I’m not seeing a Firewall Event for all requests that are getting blocked, suggesting there are perhaps multiple layers of the system that are blocking for multiple reasons and returning the same challenge page.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.