Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

Tor can now serve as http proxy - HTTPTunnelPort

According to How can we help? | Tor Project | Support Tor now supports HTTPTunnelPort, i.e. serving as an incoming http proxy, if I understand that right.

HTTPTunnelPort [address:]port|auto [isolation flags]

Open this port to listen for proxy connections using the “HTTP CONNECT” protocol instead of SOCKS. Set this to 0 0 if you don’t want to allow “HTTP CONNECT” connections. Set the port to “auto” to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. See SOCKSPort for an explanation of isolation flags. (Default: 0)

In past we’ve run into a few issues where applications had http proxy support but not socks proxy support. In these cases one needed to involve privoxy or polipo as a http proxy to socks proxy translator, which is really cumbersome (and may not provide stream isolation if used more than one application using it at the same time).

Does anyone remember these use cases?

What new options will HTTPTunnelPort give us at Whonix?

Yes indeed! This would make Tor more compatible with much more programs. I will try and search the forums for past mentions and report back.


No directly relevant mentions of HTTP torrification, however I noticed Gajim can use HTTP Connect. Does that change anything for the better in this case?

1 Like

No, if SocksPort is supported it is generally strongly preferred over http proxy.

(Except in theoretic cases we knew that SocksPort support is leaky while http proxy support is fine.)

1 Like

Let’s provide a few [1] HTTPTunnelPorts by default for custom user use in case this gets relevant?

On the other hand, does Tor’s use of RAM increase in significance ways with each opened SocksPort / HTTPTunnelPort port?

[1] Similar to the list of provided ports for use by users on https://www.whonix.org/wiki/Stream_Isolation#How_to_mitigate_identity_correlation.

hi patrick any update on this?

I am trying to use http proxies with an app that lets you split multiple protonmail accounts but they only accept http proxies

Previously due to lack of interest and activity and due to lack of practical use cases in this thread, no update planned.

Meanwhile you can add manually add HTTPTunnelPort's to your Tor config file.


Was actually implemented.

In Non-Qubes-Whonix.

  • IP:
  • port: 9190

Qubes-Whonix: adjust IP of Whonix-Gateway.

For other ports and other stream isolation settings, see file /usr/share/tor/tor-service-defaults-torrc:

cat /usr/share/tor/tor-service-defaults-torrc
1 Like