[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] How to protect apache local-restricted from secret service access?


When you have a website that is available from a tor secret service, how
do you forbid access to url restricted to ip=localhost?

I'm thinking of apache default http://xxxxx.onion/server-status for example.

Using "a2dismod status" is the obvious solution for that one, but does
anyone had a more generic solution?
Maybe a full VM with a vif interface? That's an heavy solution...
Anything more simple?

The web site I'm thinking about has a public address, nothing to hide,
and the .onion address is only there to protect the users. But I'd
rather not introduce too many security issues...

(BTW, a warning about these issues on
https://www.torproject.org/docs/tor-hidden-service.html would be nice)

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to