diff --git a/Makefile b/Makefile
index ab88e4d..e2ad45c 100644
--- a/Makefile
+++ b/Makefile
@@ -185,6 +185,7 @@ install-common:
 install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/
 install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes
 install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf
+ install -m 0644 -D network/updates-blacklist $(DESTDIR)/etc/tinyproxy/updates-blacklist
 install -m 0755 -D network/iptables-updates-proxy $(DESTDIR)$(LIBDIR)/qubes/iptables-updates-proxy
 install -d $(DESTDIR)/etc/xdg/autostart
 install -m 0755 network/show-hide-nm-applet.sh $(DESTDIR)$(LIBDIR)/qubes/show-hide-nm-applet.sh
diff --git a/network/tinyproxy-updates.conf b/network/tinyproxy-updates.conf
index d2a260a..5372fd9 100644
--- a/network/tinyproxy-updates.conf
+++ b/network/tinyproxy-updates.conf
@@ -22,3 +22,8 @@ Allow 10.137.0.0/16 ConnectPort 443
+# Explicitly block connections to the proxy IP, to return an error in such
+# case. This error page contains a magic string which is used in Whonix to
+# detect whether proxy is torified or not.
+# See https://github.com/qubesos/qubes-issues/issues/1482 for details
+Filter "/etc/tinyproxy/updates-blacklist"
diff --git a/network/updates-blacklist b/network/updates-blacklist
new file mode 100644
index 0000000..734e64a
--- /dev/null
+++ b/network/updates-blacklist
@@ -0,0 +1 @@
+10.137.255.254
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec
index 116da0d..98e2bda 100644
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
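Review bot: The comment above the new `Filter` line in network/tinyproxy-updates.conf does not say that the entries of the referenced file are regular expressions, nor that the file only acts as a deny list while `FilterDefaultDeny` stays off. Because the comment states that Whonix relies on the resulting error page, a later edit that turns on default-deny would presumably change what that check observes without anyone touching this block. I would extend the comment with a line such as `# Entries are regexes matched against the request host; this is a deny list, so FilterDefaultDeny must stay off.` The rest of the configuration lies outside the hunk, so whether `FilterURLs` or `FilterExtended` is set elsewhere cannot be confirmed from here.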
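Review bot: The single entry `10.137.255.254` in network/updates-blacklist is read by tinyproxy as a regular expression rather than a literal address, so the unescaped dots match any character and the pattern is not anchored. It can therefore also match a longer host string that merely contains such a sequence, which is broader than the "proxy IP" the configuration comment describes. An escaped and anchored form, `^10\.137\.255\.254$`, limits the block to exactly that address and is valid in both the basic and the extended regex syntax. The file has no comment syntax shown here, so the reason for the entry is best kept in the comment next to the `Filter` directive.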
@@ -331,6 +331,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/qubes/iptables.rules
 %config(noreplace) /etc/qubes/ip6tables.rules
 %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
+%config(noreplace) /etc/tinyproxy/updates-blacklist
 %config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules
 %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules
 /etc/xdg/autostart/00-qubes-show-hide-nm-applet.desktop