[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to protect apache local-restricted from secret service access?

Ping! That issue was slashdot'ed yesterday:


In February 2015, contact_tor@xxxxxxxxxx wrote:
> Mirimir wrote:
>> On 02/06/2015 08:49 AM, contact_tor@xxxxxxxxxx wrote:
>>> Documentation really should warn about this, IMHO:
>>> https://www.torproject.org/docs/tor-hidden-service.html
>>> and possibly a one line warning in the example torrc since
>>> "HiddenServicePort 80" typically is a problem.
>> Yes.
> How can I make that happen?
> Here's a draft for the last bullet points (English is not my native
> language):
> * Make sure you don't grant access to special URLs based on source IP
> address, since all connection will come from localhost or wherever you
> install tor on your LAN. For example, on apache, you should disable
> mod_status and all modules/sites/conf with "Require local" directive.
> In example torrc, we could add:
> ## Be aware source IP filtering will not be available:
> ## see https://www.torproject.org/docs/tor-hidden-service.html
> before
> #HiddenServiceDir /var/lib/tor/hidden_service/
> #HiddenServicePort 80

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to