[tor-talk] Hidden Services - Access control.
Lluís
msl12 at sde12.jazztel.es
Fri Oct 3 14:38:52 UTC 2014
I understand that for "clients" you mean client processes as:
apache, httpd, etc.
Right ?
If that so, which is the point on specifying policies as
"reject 2.2.2.2:80" ???
Lluís
Spain
On 10/03/2014 04:23 PM, coderman wrote:
> On 10/3/14, Lluís <msl12 at sde12.jazztel.es> wrote:
>> ...
>> SocksPolicy policy,policy,...
>>
>> Being "policy" the same form as exit policies.
>>
>> Since I can "reject" anyone but me, this will act as a kind of
>> a firewall for hidden services. Am I right ?
>
> this is not correct; think of SocksPort as a way for clients to use
> the Tor program to access the Tor network; like TransPort and DNSPort.
> this does not affect reachability of the hidden services you are
> serving with your Tor instance.
>
>
>
>> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
>> option might be useful for me.
>
> seems so. the reason i mention PKI is a defense in depth
> configuration where Tor access to hidden services are in a domain
> distinct from services where key material for authentication and
> privacy are used. Tor == network layer, TLS == application layer,
> each in their own restricted runtime.
>
> to each their threat models...
>
>
> best regards,
>
More information about the tor-talk
mailing list