Why do I get "SOCKS connection failed. Connection not allowed by ruleset" for some .onion sites?

Question

I'm experimenting with Node and socks5-https-client. For some reason, certain Tor hidden service (.onion) sites return with a connection error.

For example, connecting to DuckDuckGo (3g2upl4pq6kufc4m.onion) works and returns HTML.

However, connecting to The Pirate Bay (uj3wazyk5u4hnvtk.onion) or TORCH (xmh57jrzrnw6insl.onion) returns...

Error: SOCKS connection failed. Connection not allowed by ruleset.

What does this error mean? How can I avoid it?

Here's code to reproduce it:

var shttps = require('socks5-https-client');

shttps.get({
    hostname: '3g2upl4pq6kufc4m.onion',
    path: '',
    socksHost: '127.0.0.1',
    socksPort: 9150,
    rejectUnauthorized: false
}, function(res) {
    res.setEncoding('utf8');
    res.on('readable', function() {
        console.log(res.read()); // Log response to console.
    });
});

The error seems to be caused by a 0x02 value in field 2 of the server response.

"Ruleset" sounds like a firewall or other config file. Do you have anything resembling such going on? — Anko - inactive in protest, Mar 22 '15 at 22:12
Ports are open and no firewall. It's strange. I can access both tpb and TORCH with firefox. — maelswarm, Mar 22 '15 at 22:14

Anko - inactive in protest · Accepted Answer · 2017-07-27T16:12:31.657

In summary

The servers you're failing to access don't support HTTPS. In other words, their port 443 is closed. Tor's error message is unhelpful.

If your security needs permit it, you can fix this by falling back to socks5-http-client.

Steps I took to conclude that

Your code got me the same results on 64-bit Linux with Tor 0.2.5.10, socks5-https-client 1.0.1, Node 0.12.0.

I grepped socks5-https-client's codebase for the error and got a hit in the dependency socks5-client on this line. It translates the underlying SOCKS connection's error code to a human-readable message. Wikipedia's explanation of SOCKS5 error codes lines up with that, but is similarly unhelpfully vague

I found a related Tor bug report from 5 years ago complaining about a similar error, from the same type of SOCKS connection. Turns out the error just means the server rejected your connection.

Just to confirm, I tcpinged TPB on port 443 (HTTPS) through Tor. It doesn't reply to TCP SYN, and fails with the same consistently confusing error:

$ torify tcping uj3wazyk5u4hnvtk.onion 443
[Mar 22 22:40:59] ERROR torsocks[18560]: Connection not allowed by ruleset (in socks5_recv_connect_reply() at socks5.c:520)
error: uj3wazyk5u4hnvtk.onion port 443: Software caused connection abort

Their port 80 (HTTP) replies though:

$ torify tcping uj3wazyk5u4hnvtk.onion 80
uj3wazyk5u4hnvtk.onion port 80 open.

Consequently, your code works for me if I use socks5-http-client instead of socks5-https-client.

Thanks @Anko for your helpful answer. In my case I just had to turn off my SOCKS proxy from my Network Preferences. Hope that helps someone else. — Lydia Ralph, Nov 10 '15 at 11:57
This is a lifesaver. I had a Google oauth login require login link that used HTTP, not HTTPS. It was an awkward situation. — Hyfy, May 04 '21 at 05:45

Why do I get "SOCKS connection failed. Connection not allowed by ruleset" for some .onion sites?

1 Answers1

In summary

Steps I took to conclude that

Linked