Looking for good solutions for blocking TOR

Question

I am running an asp.net mvc website, and i want to block every user that reaches my site through TOR. By now i have two solutions:

1. Download list of TOR exit nodes once every hour, store that list in memory, and check every request IP address with that list.
2. Try to block TOR exit nodes with windows firewall - i think that this would be better, but i don't know how to do that.

Is there any other possible solution? Have any of you maybe had a similar problem to mine? How did you solve it?

Answer 1

Here(https://github.com/RD17/DeTor) is a simple REST API which use TorDNSEl to determine whether a request was made from TOR network or not. I think it will be pretty simple to use it from C# with RESTSharp for example.

The request is: curl -X GET http://detor.ambar.cloud/.

The response is { "sourceIp": "104.200.20.46", "destIp": "89.207.89.82", "destPort": "8080", "found": true }

As a bonus you can add a badge to your site to detect whether a user comes from TOR or not:

<img src='http://detor.ambar.cloud/badge' />

Answer 2

The answer is absolutely the second option you listed. You will have to download a list of known exit node IP's every so often regardless of which solution you use, but using the firewall that already exists is much more simple than rolling your own primitive replica.

How the IP's can be added to the firewall depends on your version of Windows. A previous StackOverflow question whose answer includes links that explain how to programmatically block IP addresses via the Windows Server 2008 firewall can be found here.