As well as many other site owners who use Cloudflare as their CDN and DDoS protection provider, we always suffered from the famous annoying issue which we could never resolve – the fact that our visitors who use Tor were sometimes being forced to solve annoying captchas to access our site (or just use our onion address to avoid them), even when the Cloudflare protection was set to the lowest level, which isn’t always the case, due to many attacks we have to deal with.
But now, we were happy to find out that Since late February 2016, Cloudflare started treating Tor exit nodes as a “country” of its own. There’s no geography associated with exit node IPs, but this approach lets CloudFlare customers override the default CloudFlare threat score to define the experience for their Tor visitors – and by doing this, disabling the captchas for all visitors who use Tor.
If you run a web site on CloudFlare, and you don’t want Tor users to see captchas, then the only thing you need to do is whitelist the “T1” country code in the Access Rules of the CloudFlare Firewall app.
Here’s an example where a