Hi When you have a website that is available from a tor secret service, how do you forbid access to url restricted to ip=localhost?
I'm thinking of apache default http://xxxxx.onion/server-status for example. Using "a2dismod status" is the obvious solution for that one, but does anyone had a more generic solution? Maybe a full VM with a vif interface? That's an heavy solution... Anything more simple? The web site I'm thinking about has a public address, nothing to hide, and the .onion address is only there to protect the users. But I'd rather not introduce too many security issues... (BTW, a warning about these issues on https://www.torproject.org/docs/tor-hidden-service.html would be nice) -- Nirgal -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
