author | Silvio Rhatto <rhatto@riseup.net> | 2023-07-03 22:48:23 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2023-07-03 22:48:23 -0300 |
commit | f170a3664268cabf8c2b22e4430d9680edd5db20 (patch) | |
tree | f4ba9277270899f9fdbda2cd1d5166aff6d5967b | |
parent | 72adda4cd17c496fd13061c867de8d2c4984e7af (diff) | |
download | puppet-apache-f170a3664268cabf8c2b22e4430d9680edd5db20.tar.gz puppet-apache-f170a3664268cabf8c2b22e4430d9680edd5db20.tar.bz2 |
Feat: adds a catch-all VirtualHost for any site listening only in localhost
-rw-r--r-- | templates/default.erb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/templates/default.erb b/templates/default.erb
index 08c3a87..6e9e4fe 100644
--- a/templates/default.erb
+++ b/templates/default.erb
@@ -12,3 +12,19 @@
 </VirtualHost>
 # end vhost for <%= @fqdn %>
+
+# A catch-all VirtualHost for any site listening only in localhost.
+#
+# This is meant to protect these sites (such as Tor Onion Services) from
+# exposing other data from the server, such as the default public VirtualHost
+# above.
+#
+# This is not a strong measure, since the server can be fingerprinted by other
+# means.
+#
+# Best thing to do is not mix public and non-public sites in the same server.
+#
+# For additional details, check
+# https://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/30
+<VirtualHost 127.0.0.1:80>
+</VirtualHost> |
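Review bot: The added `<VirtualHost 127.0.0.1:80>` block is empty, so a request that falls through to it is still answered from whatever the global server configuration provides (for instance the main DocumentRoot) rather than being refused. An explicit denial inside the block would make the catch-all predictable, e.g. `<Location "/">`, `Require all denied`, `</Location>`. The block only acts as the default if it is the first vhost Apache loads for 127.0.0.1:80, and it covers neither `[::1]:80` nor port 443; both limits are worth stating in the comment above it. Because an address-specific vhost takes precedence over `*:80` for connections arriving on 127.0.0.1, any localhost-only site still declared as `*:80` elsewhere would presumably start landing here, which cannot be checked from this hunk.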