[tor-talk] Webserver on 127.0.0.1 only?

Jacob Appelbaum jacob at appelbaum.net
Wed May 9 20:10:23 UTC 2012


On 05/09/2012 07:47 AM, Jerzy Łogiewa wrote:
> thank you both!
> 
> On May 9, 2012, at 9:37 AM, Tom Ritter wrote:
> 
>>> On 5/9/12 2:52 PM, Jerzy Łogiewa wrote:
>>>> When building a webserver I want only 127.0.0.1 to be able to connect - not the internet, and not even 192.168.x.x!
>>>>
>>>> This is for a hidden service _ONLY_, and no one, even on the local network, should be able to probe for it.
>>>>
>>>> I know how to set up a hidden service, basically. How can I do the above with Apache or lighttpd? If I want the same for ssh, how can I do it using the system?
>>>>
>>>> Restrict all connections to 127.0.0.1 - and no Tails please!  :-D
>>
>> In addition to Ralf's advice (which is correct), you can/should
>> configure a firewall to prevent connections to port 80 and 443 (and
>> really everything except how you connect to the box which is probably
>> ssh) just to be double-safe.  You can use iptables for this, but if
>> iptables is really confusing to you, I personally use shorewall which
>> abstracts iptables to configuration files that make (more) sense.
>>

Don't forget to ensure that Apache doesn't do DNS lookups for visiting
hosts. Also, I'd probably just jail the apache or whatever user to
ensure it drops and logs any attempts to violate this policy - such logs
will help you to find and resolve issues quickly.

All the best,
Jacob
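A defender-side sketch of the setup discussed in this thread, added here as an example and not taken from any of the posters: the loopback-only bind directives for Apache, lighttpd and sshd (with Apache's DNS lookups disabled, per Jacob), the iptables INPUT policy Tom suggests with a LOG rule so refused attempts show up in syslog, and an audit function that flags any socket not bound to loopback in `ss -lnt` or `netstat -lnt` output. The config file paths and the sample socket listing are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The directives are the standard ones
# for each daemon; the file paths are assumptions for a Debian-style host.
#
#   Apache   /etc/apache2/ports.conf    : Listen 127.0.0.1:80
#            /etc/apache2/apache2.conf  : HostnameLookups Off   (no DNS on visitors)
#   lighttpd /etc/lighttpd/lighttpd.conf: server.bind = "127.0.0.1"
#   sshd     /etc/ssh/sshd_config       : ListenAddress 127.0.0.1
#   tor      torrc                      : HiddenServicePort 80 127.0.0.1:80

# Emit the iptables INPUT policy: loopback only, replies to the box's own
# outbound connections, and LOG anything else before the DROP policy eats it.
# Printed rather than applied so it can be reviewed first; pipe to sh to apply.
loopback_only_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "INPUT-DROP: " --log-level 4
EOF
}

# Audit: read `ss -lnt` or `netstat -lnt` output on stdin, print every
# listener whose local address is not loopback, and exit 1 if any was found.
# Both tools put the local address in field 4; the state is field 1 (ss)
# or the last field (netstat), which also skips the header lines.
non_loopback_listeners() {
    awk '$1 == "LISTEN" || $NF == "LISTEN" {
            addr = $4
            sub(/:[0-9]+$/, "", addr)                 # drop the port
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1") {
                print; found = 1
            }
        }
        END { if (found) exit 1 }'
}

# Constructed sample listing: sshd bound to 0.0.0.0 is the mistake to catch.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::1]:443          [::]:*'

if printf '%s\n' "$SAMPLE_SS" | non_loopback_listeners; then
    echo "all listeners are loopback-only"
else
    echo "the sockets above are reachable from the LAN; fix their bind address"
fi
```

Run the audit against the live box with `ss -lnt | non_loopback_listeners` after restarting the daemons; a clean result plus the LOG rule firing in syslog is the evidence Jacob's note asks for.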

