[tor-dev] Putting onion services behind a third-party TCP proxy

Pop Chunhapanya pop at cloudflare.com
Wed Aug 14 19:10:27 UTC 2019

Hi all,

When deploying an onion service, I noticed some problem that the ip address
of my machine that runs tor daemon is exposed to the Tor network which is
vulnerable to the DDoS attack if someone knows my ip address.

So I'm thinking putting the tor daemon behind some third party TCP proxy
that will protect me from this kind of DDoS attack.

What do you think if I want to implement a feature that forward all the
onion service traffic to the TCP proxy before going to the Tor network?

The protocol that I'm thinking is TCP Proxy Protocol [1]

[1] https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190814/2b8a3540/attachment.html>

More information about the tor-dev mailing list