[Security] Deny access to all tpo onion sites if request sent from Tor2Web services (#24728) · Issues · The Tor Project / TPA / TPA team · GitLab

[Security] Deny access to all tpo onion sites if request sent from Tor2Web services

Such as https://ea5faa5po25cf7fb[.]onion[.]best/ if ($http_x_tor2web) { return 403; } Useful info: > Actual header: https://github.com/globaleaks/Tor2web/commit/552eedd12942911675365d0c5d8b06b964b8e0b0 > (Info)Why T2W is bad: https://www.bentasker.co.uk/blog/security/346-don-t-use-web2tor > (Client)Remove T2W domain from request: https://addons.mozilla.org/en-US/firefox/addon/healthyonions/

issue