问题
I'm experimenting with Node and socks5-https-client. For some reason, certain Tor hidden service (.onion
) sites return with a connection error.
For example, connecting to DuckDuckGo (3g2upl4pq6kufc4m.onion
) works and returns HTML.
However, connecting to The Pirate Bay (uj3wazyk5u4hnvtk.onion
) or TORCH (xmh57jrzrnw6insl.onion
) returns...
Error: SOCKS connection failed. Connection not allowed by ruleset.
What does this error mean? How can I avoid it?
Here's code to reproduce it:
var shttps = require('socks5-https-client');
shttps.get({
hostname: '3g2upl4pq6kufc4m.onion',
path: '',
socksHost: '127.0.0.1',
socksPort: 9150,
rejectUnauthorized: false
}, function(res) {
res.setEncoding('utf8');
res.on('readable', function() {
console.log(res.read()); // Log response to console.
});
});
The error seems to be caused by a 0x02
value in field 2 of the server response.
回答1:
In summary
The servers you're failing to access don't support HTTPS. In other words, their port 443 is closed. Tor's error message is unhelpful.
If your security needs permit it, you can fix this by falling back to socks5-http-client.
Steps I took to conclude that
Your code got me the same results on 64-bit Linux with Tor 0.2.5.10, socks5-https-client 1.0.1, Node 0.12.0.
I grep
ped socks5-https-client
's codebase for the error and got a hit in the dependency socks5-client
on this line. It translates the underlying SOCKS connection's error code to a human-readable message. Wikipedia's explanation of SOCKS5 error codes lines up with that, but is similarly unhelpfully vague
I found a related Tor bug report from 5 years ago complaining about a similar error, from the same type of SOCKS connection. Turns out the error just means the server rejected your connection.
Just to confirm, I tcping
ed TPB on port 443 (HTTPS) through Tor. It doesn't reply to TCP
SYN
, and fails with the same consistently confusing error:
$ torify tcping uj3wazyk5u4hnvtk.onion 443
[Mar 22 22:40:59] ERROR torsocks[18560]: Connection not allowed by ruleset (in socks5_recv_connect_reply() at socks5.c:520)
error: uj3wazyk5u4hnvtk.onion port 443: Software caused connection abort
Their port 80 (HTTP) replies though:
$ torify tcping uj3wazyk5u4hnvtk.onion 80
uj3wazyk5u4hnvtk.onion port 80 open.
Consequently, your code works for me if I use socks5-http-client instead of socks5-https-client.
来源:https://stackoverflow.com/questions/29175734/why-do-i-get-socks-connection-failed-connection-not-allowed-by-ruleset-for-so