On Sun, 14 Apr 2019 00:54:42 +0400 meejah <mee...@meejah.ca> wrote:

> Mirimir <miri...@riseup.net> writes:
>
> > Even so, that's a little fragile. Mistakes happen. And there's the issue
> > of web server error messages from the onion site going to clearnet.
> > That's one of the mistakes that got DPR pwned.
>
> The best solution to prevent this accident is to have the onion site
> listening on a Unix socket, and set up the Onion service in Tor to
> direct to that.

Still, if you run regular and anonymous websites in the same server process, it is a disaster waiting to happen. At least don't forget to ensure that your clearnet listener doesn't answer to the .onion "Host: ", and vice versa.

But if this is even remotely critical, then just run a fully separate server process, and a simple way to do that (granting you more isolation as a bonus) as mentioned before, is a VM.

-- 
With respect,
Roman
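
The two measures discussed in this thread (onion site on a Unix socket, and each listener refusing the other's "Host:") could look like this in nginx. This is an added example, not part of the original message; the socket path, document roots, example.org and the placeholder .onion name are assumptions.

```nginx
# Constructed example. Every path and hostname below is a placeholder.
#
# torrc (separate file) sends onion traffic to the Unix socket, so the
# onion site has no TCP listener that could be reached from clearnet:
#   HiddenServiceDir  /var/lib/tor/site/
#   HiddenServicePort 80 unix:/run/onion-site/http.sock

# --- onion side: reachable only through the Unix socket ---
server {
    # Catch-all for this socket: any Host not matched below is dropped.
    listen unix:/run/onion-site/http.sock default_server;
    server_name _;
    return 444;   # nginx closes the connection without sending a response
}
server {
    listen unix:/run/onion-site/http.sock;
    server_name youronionaddressplaceholder.onion;   # placeholder name
    server_tokens off;   # keep the nginx version out of error pages
    root /srv/onion;
}

# --- clearnet side ---
server {
    # Catch-all for port 80: unknown Host values, including any *.onion
    # name, never reach a real site.
    listen 80 default_server;
    server_name _;
    return 444;
}
server {
    listen 80;
    server_name example.org;   # placeholder name
    root /srv/clearnet;
}
```

The explicit `default_server` blocks matter: without them nginx serves the first `server` defined for a listener to any request whose Host matches nothing. The tor process also needs filesystem permission to connect to the socket.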