[tor-talk] How to protect apache local-restricted from secret service access?
contact_tor at nirgal.com
contact_tor at nirgal.com
Wed Feb 4 15:19:45 UTC 2015
Hi
When you have a website that is available from a tor secret service, how
do you forbid access to url restricted to ip=localhost?
I'm thinking of apache default http://xxxxx.onion/server-status for example.
Using "a2dismod status" is the obvious solution for that one, but does
anyone had a more generic solution?
Maybe a full VM with a vif interface? That's an heavy solution...
Anything more simple?
The web site I'm thinking about has a public address, nothing to hide,
and the .onion address is only there to protect the users. But I'd
rather not introduce too many security issues...
(BTW, a warning about these issues on
https://www.torproject.org/docs/tor-hidden-service.html would be nice)
--
Nirgal
More information about the tor-talk
mailing list