Issue with GitLab.com sign-in using Tor Browser (Cloudflare CAPTCHA)

Attempting to access the sign-in page for GitLab.com with Tor Browser gets stuck in an indefinite loop of anti-bot verification. Eventually it will prompt to click to verify user presence but afterwards it will loop and prompt again.

Tested with Tor Browser 13.0.13 on Linux x86_64.

Is there any suggested resolution or workarounds by GitLab.com support?

Thank you


Unfortunately, this is the experience when using TOR. The same happens attempting to access Google sites whether just searching, Gmail or whatever. None of the TOR IPs are trusted, and so end up in a constant loop of captchas. Cloudflare is no different in this instance, so it’s not unique to GitLab.

I’ve seen posts on this before on this forum over the past few years, and unfortunately, no, there is no solution to it. Cloudflare, Google or whatever don’t care about TOR users, or simply don’t want TOR users using their network.

I don’t use TOR, so this doesn’t affect me but I have tried and have seen this behaviour and because of that I don’t find TOR actually useful for anything when there are constant captchas (and that’s without including the fact that TOR is so damn slow anyway). To be honest, you would be better just using a VPN service, like ProtonVPN, Windscribe, NordVPN, etc, and are more likely to have more luck that way than with TOR.

There are two aspects to consider here.

  1. IP blocking or other penalizing of Tor exit-nodes.

  2. Tor Browser changes that negatively impact Cloudflare challenges or GitLab functionality irrespective of IP. I believe this is plausible. Hopefully mentioning this is ok but some time ago there was an issue with registration for GitHub.com over Tor. Eventually due to Tor Browser and potential changes by GitHub.com administration the issue was solved.

Another factor might be that Tor Browser proxies Cloudflare challenges through an .onion service and either the configuration of Cloudflare or GitLab has a related issue. However when attempting to access the linked Cloudflare blog post there was a challenge for user presence that was successfully completed after an activation of the widget. So the perspective that Cloudflare is always hostile to Tor exit-nodes is partially unfounded.

Thank you

You may wish to check the issues here related to TOR: Issues · GitLab.org / GitLab · GitLab. There are some open related to infinite loops. You could upvote those, or add comments to them so that perhaps GitLab will do something about it, be it from the Cloudflare config side or elsewhere.

Because this issue could be considered a circular problem, myself investigating and reporting it on GitLab.com might be an issue. However, I give permission for someone else who finds an equivalent issue to utilize the above information and link here.

Thank you

Sadly Cloudflare is very anti Tor, nothing you can do.

Not quite. I have had success accessing other sites utilizing Cloudflare over Tor. As I mentioned there are particular differences inherent to Tor Browser that would not apply to a generic browser even when connecting over Tor.

Thank you

Since you are one of the people affected by it, it makes sense for you to vote up the issues that have been reported in relation to TOR and problematic access. If you don’t, then don’t expect it to be fixed any time soon. The GitLab devs work on issues of importance. If there is a lack of interest, or small amount of people affected, then they won’t do anything about it.

Posting on the forum won’t solve it, it has to be reported in the issues. I don’t use TOR, so I have no inclination to post in the issues to ask for it to be resolved. It should be done by the people who are affected, like yourself.

Either that, or just use GitLab without TOR if you do not want to spend the time reporting in the issues for it to be resolved by the GitLab devs.

Using Safari and having the same issue. No sneaky extensions installed whatsoever. I would recommend switching away from Cloudflare to something like AWS CloudFront. This is nuts.