Skip to content

GitLab

Closed
Created by cypherpunks@cypherpunks

[Security] Deny access to all tpo onion sites if request sent from Tor2Web services

Such as https://ea5faa5po25cf7fb[.]onion[.]best/

if ($http_x_tor2web) { return 403; }

Useful info:

Actual header: https://github.com/globaleaks/Tor2web/commit/552eedd12942911675365d0c5d8b06b964b8e0b0 (Info)Why T2W is bad: https://www.bentasker.co.uk/blog/security/346-don-t-use-web2tor (Client)Remove T2W domain from request: https://addons.mozilla.org/en-US/firefox/addon/healthyonions/

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information