I understand that by "clients" you mean client processes such as apache, httpd, etc.
Right? If so, what is the point of specifying policies such as "reject 2.2.2.2:80"?

Lluís
Spain

On 10/03/2014 04:23 PM, coderman wrote:
> On 10/3/14, Lluís <[email protected]> wrote:
>> ...
>> SocksPolicy policy,policy,...
>>
>> With "policy" being of the same form as exit policies.
>>
>> Since I can "reject" anyone but me, this will act as a kind of
>> a firewall for hidden services. Am I right?
>
> this is not correct; think of SocksPort as a way for clients to use
> the Tor program to access the Tor network; like TransPort and DNSPort.
> this does not affect reachability of the hidden services you are
> serving with your Tor instance.
>
>
>
>> Finally, I think "Lunar" is right, the "HiddenServiceAuthorizeClient"
>> option might be useful for me.
>
> seems so. the reason i mention PKI is a defense in depth
> configuration where Tor access to hidden services is in a domain
> distinct from services where key material for authentication and
> privacy is used. Tor == network layer, TLS == application layer,
> each in their own restricted runtime.
>
> to each their threat models...
>
>
> best regards,
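
An added torrc sketch, not part of the original thread, contrasting the two options discussed above. The directory path, addresses, ports and client name are constructed placeholders, and the option syntax is that of the Tor manual for the hidden services of that period.

```conf
# Constructed example: paths, addresses and names are placeholders.

# SocksPolicy limits who may connect to this Tor's SocksPort, i.e. which
# local applications may use Tor for outbound connections.
# Per the Tor manual, port specifiers in SocksPolicy entries are ignored.
# It has no effect on inbound connections to hidden services.
SocksPort 9050
SocksPolicy accept 127.0.0.1
SocksPolicy reject *

# Hidden service published by this Tor instance, forwarding to a local
# web server.
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 127.0.0.1:8080

# Restricting who can reach the hidden service is done per service:
# only clients holding the authorization data generated for "alice"
# can connect.
HiddenServiceAuthorizeClient stealth alice
```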
