[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] How to protect apache local-restricted from secret service access?
When you have a website that is available from a tor secret service, how
do you forbid access to url restricted to ip=localhost?
I'm thinking of apache default http://xxxxx.onion/server-status for example.
Using "a2dismod status" is the obvious solution for that one, but does
anyone had a more generic solution?
Maybe a full VM with a vif interface? That's an heavy solution...
Anything more simple?
The web site I'm thinking about has a public address, nothing to hide,
and the .onion address is only there to protect the users. But I'd
rather not introduce too many security issues...
(BTW, a warning about these issues on
https://www.torproject.org/docs/tor-hidden-service.html would be nice)
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to