I use Cloudflare as a proxy for my public webservers and found out the proxy is hostile to Tor traffic but ONLY without the Tor Browser User Agent.

When proxying any other app through tor (i.e. orbot + amethyst) I would get 403 timeouts. When querying the same page with the official Tor Browser, everything was fine.

Fortunately there's a solution: I created a custom cloudflare WAF firewall rule to allow all tor traffic unconditionally. Seems to work!

Discussion

Good to know, will add one for the relay

Seems to be working, no more 403

https://void.cat/d/5ENxGj83VTong2WnVrN7vq.webp

That's some quick validation!

Just try to use nostr over Tor and you will realize most relays, CDNs, NIP05 webservers are tor hostile.

Come on people do better! If you're using cloudflare or any other proxy firewall service for your web servers, take some time to make it tor friendly.

Next step is posting screenshots to shame some well known accounts.

nostr:nevent1qqszmhsnlvegwuj5p70jhlswd26g3yg7mm033nl8dyadztf5af4yawspz9mhxue69uhkummnw3ezuamfdejj7q3q6r0tl8a39hhcrapa03559xahsjqj4s0y6t2n5gpdk64v06jtgekqxpqqqqqqz354wgl

I’ve done some testing in the past and generally speaking found nostr.wine to work smoothly with tor. Are you seeing any issues?

The relay works fine, thanks! But your NIP05 verification does not:

Story checks out :) I’ll fix that now.

How about now?

All gucci 👌

I noticed that Crowdsec is blocking Tor connections on my server. I disabled it and since then I can connect to Orbot again.

I'm an idiot, so how did you do that?

thank you!

I might do a PR on this. The Cloudflare interface and even the option names have changed. I ended up with "Choose action": "Skip" and "WAF components to skip": almost everything checked. It doesn't feel great. Know what minimum things need to be checked to allow Tor with these new settings?

I'll set a reminder to do the PR later. Seems that all that is required is to tap "More components to skip" and select "Security Level". I don't think any of the other options would allow Tor traffic through.