php-tor-filter
A PHP+Bash script that blocks access to your website content for users coming through Tor proxy.
release date: 2025-07-10
about
Repository php-tor-filter is a minimalistic IP-based filter to detect and block incoming connections from Tor exit nodes.
The detection is based on publicly available lists, updated via a shell script.
It is designed to be dropped into any PHP-based project and requires no database.
The main purpose is to protect lightweight web applications or panels against anonymous Tor access without using firewalls or advanced reverse proxies.
The main purpose is to protect lightweight web applications or panels against anonymous Tor access without using firewalls or advanced reverse proxies.
features
The project consists of 3 parts:
1. A Bash script `fetch.sh` that, when run, downloads exit node address lists of the Tor network from various official sources;
2. A PHP script `filter.php` that checks the client's IP address against the list from `tor-nodes.lst` (fetched by the Bash script) on every visit;
3. A PHP script `pass.php` that assigns a cookie to the client using a Tor proxy, allowing them to continue browsing the site.
All components combined can form an automatic system that ensures no 'anonymous prankster' can mess up or overload your website.
The `pass.php` script is optional — omit it if you want to fully block all Tor users.
A more interesting approach is creating a Tor filter handler page that includes, for example, a riddle, puzzle, or some verification task to test the user's intent and authenticity. That's exactly what I've implemented on my site. Try visiting it via a Tor proxy and see it in action.
1. A Bash script `fetch.sh` that, when run, downloads exit node address lists of the Tor network from various official sources;
2. A PHP script `filter.php` that checks the client's IP address against the list from `tor-nodes.lst` (fetched by the Bash script) on every visit;
3. A PHP script `pass.php` that assigns a cookie to the client using a Tor proxy, allowing them to continue browsing the site.
All components combined can form an automatic system that ensures no 'anonymous prankster' can mess up or overload your website.
The `pass.php` script is optional — omit it if you want to fully block all Tor users.
A more interesting approach is creating a Tor filter handler page that includes, for example, a riddle, puzzle, or some verification task to test the user's intent and authenticity. That's exactly what I've implemented on my site. Try visiting it via a Tor proxy and see it in action.
compatibility
Dependencies:
PHP 5.6+
Bash (tested with Bash 5+)
curl, awk, grep
Works on:
Termux
Debian / Ubuntu / Alpine
Shared hosting with basic shell access
VPS environments (recommended)
No frameworks or extensions required.
Compatible with HTTP and HTTPS.
PHP 5.6+
Bash (tested with Bash 5+)
curl, awk, grep
Works on:
Termux
Debian / Ubuntu / Alpine
Shared hosting with basic shell access
VPS environments (recommended)
No frameworks or extensions required.
Compatible with HTTP and HTTPS.