[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] How to protect apache local-restricted from secret service access?
Mirimir wrote:
> On 02/06/2015 08:49 AM, contact_tor@xxxxxxxxxx wrote:
>> Documentation really should warn about this, IMHO:
>> https://www.torproject.org/docs/tor-hidden-service.html
>> and possibly a one line warning in the example torrc since
>> "HiddenServicePort 80 127.0.0.1:80" typically is a problem.
>
> Yes.
How can I make that happen?
Here's a draft for the last bullet points (English is not my native
language):
* Make sure you don't grant access to special URLs based on source IP
address, since all connection will come from localhost or wherever you
install tor on your LAN. For example, on apache, you should disable
mod_status and all modules/sites/conf with "Require local" directive.
In example torrc, we could add:
## Be aware source IP filtering will not be available:
## see https://www.torproject.org/docs/tor-hidden-service.html
before
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk