On 02/04/2015 08:19 AM, contact_...@nirgal.com wrote: > Hi > > When you have a website that is available from a tor secret service, how > do you forbid access to url restricted to ip=localhost? > > I'm thinking of apache default http://xxxxx.onion/server-status for example. > > Using "a2dismod status" is the obvious solution for that one, but does > anyone had a more generic solution? > Maybe a full VM with a vif interface? That's an heavy solution... > Anything more simple?
You can use firewall rules. > The web site I'm thinking about has a public address, nothing to hide, > and the .onion address is only there to protect the users. But I'd > rather not introduce too many security issues... Running hidden services and non-Tor websites on the same server is generally considered bad practice. > (BTW, a warning about these issues on > https://www.torproject.org/docs/tor-hidden-service.html would be nice) > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
