
Re: [tor-talk] How to protect apache local-restricted from secret service access?



Mirimir wrote:
> On 02/06/2015 08:49 AM, contact_tor@xxxxxxxxxx wrote:
>> Documentation really should warn about this, IMHO:
>> https://www.torproject.org/docs/tor-hidden-service.html
>> and possibly a one line warning in the example torrc since
>> "HiddenServicePort 80 127.0.0.1:80" typically is a problem.
> 
> Yes.

How can I make that happen?

Here's a draft for the last bullet points (English is not my native
language):

* Make sure you don't grant access to special URLs based on source IP
address, since all connections will come from localhost or wherever you
install tor on your LAN. For example, on Apache, you should disable
mod_status and all modules/sites/conf with the "Require local" directive.

In example torrc, we could add:

## Be aware source IP filtering will not be available:
## see https://www.torproject.org/docs/tor-hidden-service.html

before

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
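
The check proposed in the message above, as an added example that is not part of the original post or of Tor's documentation: it reports Apache rules that trust local clients whenever an active `HiddenServicePort` line forwards to loopback. The function names, regexes and sample inputs are constructed for illustration, and only the directive spellings listed in `LOCAL_TRUST` are recognised.

```python
import re
# Apache rules that trust a client because it connects from the local host.
LOCAL_TRUST = re.compile(
    r"\s*(Require\s+(local\b|ip\s+(127\.|::1)|host\s+localhost)"
    r"|Allow\s+from\s+(127\.|::1|localhost))", re.I)
SECTION = re.compile(r"\s*<(/?)(\w+)\s*([^>]*)>")
HS_PORT = re.compile(r"\s*HiddenServicePort\s+(\d+)(?:\s+(\S+))?", re.I)
LOOPBACK = re.compile(r"(127\.|localhost|\[::1\])", re.I)

def loopback_targets(torrc):
    """Active HiddenServicePort lines whose target is on the loopback interface."""
    hits = []
    for line in torrc.splitlines():
        m = HS_PORT.match(line)          # '#'-commented lines do not match
        if m:
            target = m.group(2) or "127.0.0.1:" + m.group(1)  # tor's default
            if LOOPBACK.match(target) or target.isdigit():    # bare port = loopback
                hits.append((int(m.group(1)), target))
    return hits

def local_trust_rules(conf):
    """(line number, enclosing section, directive) for each local-trust rule."""
    stack, found = [], []
    for n, line in enumerate(conf.splitlines(), 1):
        s = SECTION.match(line)
        if s and s.group(1):
            del stack[-1:]               # closing tag: leave the section
        elif s:
            stack.append((s.group(2) + " " + s.group(3)).strip())
        elif LOCAL_TRUST.match(line):
            found.append((n, stack[-1] if stack else "(global)", line.strip()))
    return found

def audit(torrc, conf):
    """Local-trust rules are exposed only if an onion service forwards to loopback."""
    return local_trust_rules(conf) if loopback_targets(torrc) else []

# Constructed sample inputs (not taken from a real host).
TORRC = """\
#HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 80 127.0.0.1:80
"""
APACHE = """\
<Location "/server-status">
    SetHandler server-status
    Require local
</Location>
"""
print(audit(TORRC, APACHE))
```

Each tuple names a rule that tor's connections will satisfy, so the section it sits in should be disabled or protected by something other than source address.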