On 9/8/07, Armed Blowfish diodontida.armata@googlemail.com wrote:
145.97.39.155 isn't the only ip address for en.wikipedia.org? How many are there?
145.97.39.155 is rr.knams.wikimedia.org
en.wikipedia.org is 66.230.200.100 which is also rr.pmtpa.wikimedia.org
These are LVS VIPs. I suspect that we could put in some sort of rewrite rules on the LVS hosts to redirect TOR traffic to some dedicated tor exit nodes which only allow traffic to reach back to the local LVS.
I.e. to the outside world the TOR exits would look they are on 145.97.39.155 (knams), 66.230.200.100 (tampa), and 203.212.189.253 (yaseo), and 66.230.200.219 (secure). They would really be on other addresses. Their exit policies would allow traffic to :80 and :443 on their apparent external addresses. This should be enough to cause TOR to send all Wikipedia traffic to these exits.
We could apply whatever blocking policy we want for TOR to the 3-4 actual exit source IPs.
This would have the following advantages: 1) Less tor blocking inconsistency. (We often have only half the active Tor exists blocked from, which means that regular tor users can't edit via tor but sneaky trolls can... some exist are soft blocked, some are hard blocked, many are not blocked at all)
2) Improved security for users who use tor. No more risk of sniffing by naughty exit node operators.
3) Improved performance for tor users since there will be low latency between the exit and our caches.
Even though allowing editing from Tor is a matter which rational people can debate... allowing people to read via tor is something we should support as strongly as possible.