On 9/8/07, Armed Blowfish <diodontida.armata(a)googlemail.com> wrote:
145.97.39.155 isn't the only IP address for en.wikipedia.org? How
many are there?
145.97.39.155 is rr.knams.wikimedia.org
en.wikipedia.org is 66.230.200.100, which is also rr.pmtpa.wikimedia.org
These are LVS VIPs. I suspect that we could put in some sort of
rewrite rules on the LVS hosts to redirect TOR traffic to some
dedicated tor exit nodes which only allow traffic to reach back to the
local LVS.
I.e. to the outside world the TOR exits would look like they are on
145.97.39.155 (knams), 66.230.200.100 (tampa), 203.212.189.253
(yaseo), and 66.230.200.219 (secure). They would really be on other
addresses. Their exit policies would allow traffic to :80 and :443 on
their apparent external addresses. This should be enough to cause
TOR to send all Wikipedia traffic to these exits.
We could apply whatever blocking policy we want for TOR to the 3-4
actual exit source IPs.
This would have the following advantages:
1) Less tor blocking inconsistency. (We often have only half the
active Tor exits blocked from, which means that regular tor users
can't edit via tor but sneaky trolls can... some exits are soft
blocked, some are hard blocked, many are not blocked at all)
2) Improved security for users who use tor. No more risk of sniffing
by naughty exit node operators.
3) Improved performance for tor users since there will be low latency
between the exit and our caches.
Even though allowing editing from Tor is a matter which rational
people can debate... allowing people to read via tor is something we
should support as strongly as possible.
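
The exit policy described in the message, as an added example that is not part of the original e-mail and is not Wikimedia's or Tor's code: a small first-match evaluator for accept/reject rules in Tor's ExitPolicy syntax (IPv4 subset), applied to the four addresses the message lists. The closing "reject *:*" rule, the function names, and treating an unmatched destination as rejected are assumptions of this example.

```python
import ipaddress

# Addresses named in the message (knams, tampa, yaseo, secure).
VIPS = ["145.97.39.155", "66.230.200.100", "203.212.189.253", "66.230.200.219"]

# Constructed policy for one dedicated exit: allow only :80 and :443 on the
# apparent external addresses. The final "reject *:*" is an assumption; the
# message states only what the exits would allow.
POLICY = [f"accept {ip}:{port}" for ip in VIPS for port in (80, 443)]
POLICY.append("reject *:*")


def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]', with '*' wildcards."""
    action, pattern = line.split()
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {line!r}")
    addr, _, port = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        ports = (1, 65535)
    else:
        lo, _, hi = port.partition("-")
        ports = (int(lo), int(hi or lo))
    return action == "accept", net, ports


def exit_allows(policy, dest_ip, dest_port):
    """Return True if the first matching rule accepts dest_ip:dest_port."""
    ip = ipaddress.ip_address(dest_ip)
    for line in policy:
        accept, net, (lo, hi) = parse_rule(line)
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return accept  # rules are evaluated in order; first match wins
    return False  # assumption of this example: no match means rejected


if __name__ == "__main__":
    for dest in [("145.97.39.155", 80), ("66.230.200.219", 443),
                 ("66.230.200.100", 22), ("192.0.2.10", 80)]:
        print(dest, "->", "accept" if exit_allows(POLICY, *dest) else "reject")
```

Because the exits relay nothing except traffic to those addresses, whatever blocking policy is applied to their real source IPs covers everything that leaves them.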