Lighttpd

Hello,

I'm serving a website with lighttpd through a tor hidden service and was wondering if it's possible to block access to the website from Tor2web-proxies (like .to, .city,...) to protect the privacy of the visitors by forcing them to use a tor browser instead of tor2web?

The request header

2016-09-07 09:12:46: (request.c.311) fd: 8 request-len: 401 \nGET /avatar.png HTTP/1.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, chunked\r\nX-Forwarded-Host: abcdefghijklmnop.onion.to\r\nX-Tor2web: 1\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nUser-Agent: Mozilla/4.9 (X10; Mint; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/47.0\r\nDNT: 1\r\nHost: abcdefghijklmnop.onion\r\nX-Forwarded-Proto: https\r\n\r\n

of a Tor2web-proxy (.to in this case) contains "X-Tor2web" but I can't find a way (or maybe this isn't even possible with lighttpd) to block requests that contain "X-Tor2web" in the header with something similar to putting

1. deny access for all googlebot
   $HTTP["useragent"] =~ "Google" {
   url.access-deny = ( "" )
   }

in lighttpd.conf.