Xxor / proxxor4tor2web


Tor2web client coming from Tor must be redirected to .onion #3

Open fpietrosanti opened 12 years ago

fpietrosanti commented 12 years ago

All Tor2web clients that come from a Tor Exit Node must be redirected directly to the relevant .onion website in order to avoid using Tor2web from Tor (causing additional overhead).

This feature comes from https://github.com/globaleaks/tor2web-2.0/issues/11

fpietrosanti commented 12 years ago

That feature has also been discussed within the Tor Development community and the ticket has been commented here: https://github.com/globaleaks/GlobaLeaks/issues/99

We should also be aware of the fact that if a Tor exit node operator connects to tor2web from his exit node IP and is not connecting through Tor, he will be redirected to the .onion.

Maybe we could place a page in between redirection stating that the user has been detected as coming from Tor (congratulating him and saying that it is a good thing) and that if this is a mistake (for example because he is a Tor operator) then he should access the HS through tor2web.

Pasting IRC log of the discussion on #tor-dev:

08:46 < hellais> Sebastian: is there any progress in getting TorBel up and running?
08:47 < hellais> I plan on working a bit on that in the next few days, any pointers on getting it running would be useful
08:48 < hellais> at the very least what I would like to do is detect if a tor2web user is coming from Tor and in that case redirect him to the .onion
08:49 < Sebastian> hellais: it's running on my server. tomaw found a serious bug in it tho, so I'm looking into fixing that before doing the setup work on tpo
08:49 < hellais> Sebastian: has the bug been filed?
08:49 < Sebastian> what is redirecting to .onion going to help?
08:49 < Sebastian> I don't think that's wise given the stability issues with .onion
08:50 < hellais> Sebastian: because if a user is accessing a HS through Tor he should not be overloading tor2web but visit the .onion directly
08:50 < hellais> this is also useful in cases where a tor2web site is setup just specific for a particular HS
08:51 < hellais> for example I may setup tor2web on my public web server hs.example.com
08:51 < hellais> this will proxy all the requests to a certain .onion
08:52 < hellais> though if the user is a Tor user I want him to connect to the HS directly and not use the web proxy
08:52 < Sebastian> no, it's not on trac
08:52 < Sebastian> the bug is that old entries aren't expired
08:53 < hellais> Sebastian: this is a bit more detail on what I want to achieve: https://github.com/globaleaks/GlobaLeaks/issues/99
08:54 < armadev> hellais: that behavior may have the accidental side effect that exit relay operators can't visit your tor2web site directly.
08:54 < armadev> (fine by me. but you should be aware)
08:54 < hellais> armadev: that I think is completely fine, since they will know the reason
08:54 < hellais> ... hopefully
08:55 < hellais> or maybe I could have a page before redirect asking the user if he want to go the .onion explaining why it is better
08:55 < hellais> and a timeout before he gets redirected
08:56 < hellais> so if you are a tor exit node operator and you are not connecting through Tor you can click on "I am sure I am not from Tor" and access the site from the web proxy
08:57 < hellais> armadev: though I will add this consideration to the ticket
08:58 < armadev> hellais: if you think of an ip address as a person, it's fine. if you think of an apartment building with one ip address and some resident running an exit relay and the rest of the residents getting confused, it's messier.
08:59 < hellais> armadev: good point. that is why the best solution is probably an explanation page before redirect
09:00 < hellais> unless there is a better way to detect if a user is a Tor user :|
09:00 < Sebastian> clearly the solution is that it should be mandatory for every resident to run an exit node
09:00 < hellais> Sebastian: hahahaha
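
The decision logic discussed above, sketched as an added example (not code from this repository or from Tor2web): an exit-address list that expires old entries, and an interstitial with an opt-out for visitors who share an IP with an exit relay. The `.tor2web.example` host suffix, the `not_from_tor` cookie name, the 24-hour freshness window and the sample addresses are assumptions; how the exit list is fed is left out.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

class ExitList:
    """Exit-relay addresses with last-seen times; stale entries are dropped."""
    def __init__(self, max_age=timedelta(hours=24)):  # assumed freshness window
        self.max_age = max_age
        self._seen = {}

    def update(self, ip, seen_at):
        addr = ip_address(ip)
        self._seen[addr] = max(seen_at, self._seen.get(addr, seen_at))

    def is_exit(self, ip, now):
        # Expire first, so an address that stopped being an exit is not flagged forever.
        cutoff = now - self.max_age
        self._seen = {a: t for a, t in self._seen.items() if t >= cutoff}
        return ip_address(ip) in self._seen

def onion_url(host, path, suffix=".tor2web.example"):
    """Map <name><suffix> to http://<name>.onion<path>; None if the host is not ours."""
    host = host.lower().rstrip(".")
    name = host[:-len(suffix)] if host.endswith(suffix) else ""
    if not (name.isascii() and name.isalnum()):  # one plain label only
        return None
    return "http://%s.onion%s" % (name, path if path.startswith("/") else "/")

def decide(client_ip, host, path, cookies, exits, now):
    """Return ('proxy', None) or ('interstitial', onion_url)."""
    target = onion_url(host, path)
    if target is None or not exits.is_exit(client_ip, now):
        return ("proxy", None)
    if cookies.get("not_from_tor") == "1":  # visitor clicked "I am not from Tor"
        return ("proxy", None)
    return ("interstitial", target)  # page explains, then redirects after a timeout

def sample_exits(now):
    """Constructed sample data: one fresh exit entry and one stale one."""
    exits = ExitList()
    exits.update("192.0.2.10", now - timedelta(hours=1))
    exits.update("198.51.100.7", now - timedelta(days=3))
    return exits

if __name__ == "__main__":
    now = datetime(2012, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    exits = sample_exits(now)
    for ip, ck in [("192.0.2.10", {}), ("192.0.2.10", {"not_from_tor": "1"}),
                   ("198.51.100.7", {}), ("203.0.113.5", {})]:
        print(ip, ck, decide(ip, "abcdefghijklmnop.tor2web.example", "/index.html", ck, exits, now))
```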

fpietrosanti commented 12 years ago

Technically it would be useful to extend the Torcheck.php (used for the Tor Privacy Badge) by introducing a native PHP parser for the Tor cached-descriptor file: https://github.com/globaleaks/TorCheck

That way the "injected header" would include the PrivacyBadge reminding the user that: