#24728: [Security] Deny access to all tpo onion sites if request sent from Tor2Web services ----------------------------------+-------------------- Reporter: cypherpunks | Owner: (none) Type: task | Status: new Priority: Medium | Milestone: Component: Webpages/Website | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ----------------------------------+-------------------- Such as https://ea5faa5po25cf7fb[.]onion[.]best/
if ($http_x_tor2web) { return 403; } Useful info: > Actual header: https://github.com/globaleaks/Tor2web/commit/552eedd12942911675365d0c5d8b06b964b8e0b0 > (Info)Why T2W is bad: https://www.bentasker.co.uk/blog/security/346-don-t-use-web2tor > (Client)Remove T2W domain from request: https://addons.mozilla.org/en- US/firefox/addon/healthyonions/ -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24728> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs