Geo-blocking & Tor Control with Cloudflare WAF

A demo showing how Cloudflare WAF Custom Rules can block access from the Tor network and high-risk countries to protect web applications.

Your Connection Info

Realtime data from Cloudflare Edge Network:

Tor Blocking: Detects and blocks requests from the Tor anonymity network. Cloudflare identifies Tor exit nodes and marks their country code as "T1".
Geo-blocking: Blocks access from specific high-risk countries using GeoIP data. Cloudflare determines the geographic location of every request.
WAF Custom Rules: Uses Cloudflare's Wirefilter syntax to write firewall rules that inspect IP, country, headers, and other HTTP attributes.
Managed Challenge: Instead of outright blocking, can require CAPTCHA or JS Challenge to verify the user is human.
Edge Enforcement: Rules execute on Cloudflare's 300+ global edge locations, close to the user, with low latency.
Real-time Analytics: Monitor blocked requests, countries, threat scores through the Cloudflare dashboard.

What happens when you access this website from different browsers:

Access from Tor anonymity network.
IP flagged as Tor Exit Node.
Country: T1

403 Forbidden

Normal access.
Valid IP, known country.
No suspicious indicators.

Access Granted

User sends HTTP request Browser (Chrome, Tor, etc.) sends a request to the domain configured with Cloudflare DNS.
Cloudflare Edge receives request Request hits the nearest PoP (Point of Presence). Cloudflare determines IP, GeoIP country, TLS fingerprint, and checks Tor exit node status.
WAF Rules Engine evaluates Custom Rules are executed: checks ip.geoip.country, Tor detection flags, and other conditions.
Action is taken Block: returns 403 Forbidden. Challenge: shows CAPTCHA. Allow: forwards request to origin.
Response returned to user User sees the normal page (if allowed) or an error/challenge page (if blocked).

Cloudflare WAF is a SaaS product. Users configure rules without managing any infrastructure.

Cloudflare shares edge server infrastructure across millions of websites via multi-tenancy.

WAF rules automatically scale across 300+ PoPs without user intervention.

Free tier for basic features, pay more for advanced capabilities. True pay-as-you-go model.

Addresses challenges like loss of control, multi-tenancy risks, and expanding attack surfaces.

Security rules are processed at the edge, near the user, reducing latency compared to origin-based processing.