From 11542a3d04bb746e4d2ba83c3127f2e6b9292afc Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Tue, 4 Nov 2025 09:49:17 -0500
Subject: [PATCH] HTTP CONNECT: Reject request trying to use Arti RPC.
---
 src/core/or/connection_edge.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 94df58628f..e99701db7a 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -3131,6 +3131,14 @@ connection_ap_process_http_connect(entry_connection_t *conn)
 goto err;
 }
 
+ /* Reject the request if it's trying to interact with Arti RPC. */
+ char *rpc_hdr = http_get_header(headers, "Tor-RPC-Target: ");
+ if (rpc_hdr) {
+ tor_free(rpc_hdr);
+ errmsg = "HTTP/1.0 501 Not implemented (No RPC Support)\r\n";
+ goto err;
+ }
+
 /* Abuse the 'username' and 'password' fields here. They are already an
 * abuse. */
 {
-- 
2.47.3
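Review bot: The new check matches the literal prefix `"Tor-RPC-Target: "` including the space after the colon, so if http_get_header() compares that prefix as given (its body is not in this hunk), a request that sends the header with no space after the colon, which HTTP permits, would not be rejected and would be handled as an ordinary CONNECT. Since the returned value is freed without being read, matching on `"Tor-RPC-Target:"` would cover both spellings. Separately, the new `errmsg` ends in a single `\r\n`; unless the err path appends the empty line that terminates a response head, the client may keep waiting for more headers, so consider `"HTTP/1.0 501 Not implemented (No RPC Support)\r\n\r\n"`. connection_ap_process_http_connect() starts and ends outside the hunk, so both points should be checked against the err label and the other error strings in the function.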