[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to protect apache local-restricted from secret service access?

Mirimir wrote:
> On 02/06/2015 08:49 AM, contact_tor@xxxxxxxxxx wrote:
>> Documentation really should warn about this, IMHO:
>> https://www.torproject.org/docs/tor-hidden-service.html
>> and possibly a one line warning in the example torrc since
>> "HiddenServicePort 80" typically is a problem.
> Yes.

How can I make that happen?

Here's a draft for the last bullet points (English is not my native

* Make sure you don't grant access to special URLs based on source IP
address, since all connection will come from localhost or wherever you
install tor on your LAN. For example, on apache, you should disable
mod_status and all modules/sites/conf with "Require local" directive.

In example torrc, we could add:

## Be aware source IP filtering will not be available:
## see https://www.torproject.org/docs/tor-hidden-service.html


#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to