Blocking Tor2Web (NGinx)

Tor2Web (and Web2Tor) are reverse proxies giving access to Tor Hidden Services (or oinions) via the public internet. The problem with this, is that they act as a trusted middleman, potentially putting unwitting user's privacy and security at risk

For sites that are multi-homed onto both the WWW and Tor Hidden Services, there's also the risk of a duplicate content penalty in search engine indexes (because Google will still index the Tor2Web sites).

Note that this implementation will only block those Tor2Web nodes that announce themselves, others won't trigger the block - in order to catch those, you need to run some javascript client side (see below) though client-side defences can easily be stripped

Details

  • Language: NGinx

Snippet

# You should create an error page to explain why the
# request was blocked
error_page 405 = /405.html; 

location /405.html {
    root /path/to/your/error/page;
}

if ($http_x_tor2web){
    set $tor2web T;
}

# Avoid redirect loops
if ($request_uri = '/405.html'){
    set $tor2web R;
}

if ($tor2web = T){
    return 301 /405.html;
}