When securing a tor hidden service with HiddenServiceAuthorizeClient, is it possible to get the client-name (or maybe the auth-cookie) provided by the client or is it solely for authorization but not authentication?
in PHP I've tried to read it from $_REQUEST, $_SESSION, $_COOKIE and the getallheaders() function but I cant't find the info. also not found in logfiles of apache2 and tor.
分享 If anything, it would probably appear in a $_SERVER['HTTP_X...'] header but I looked at the source code and it doesn't appear that information gets passed along with the request.
Tor only uses it to decide whether or not to accept the rendezvous request with the hidden service and drops it if missing or incorrect. Since almost any service can be a hidden service I don't know that Tor is actually aware that it's forwarding an HTTP request (also considering you can host an SSL service over Tor which it wouldn't be able to see the contents of anyway).
I know it isn't a definitive answer but from looking at the source I don't see the authentication information passed along anywhere, only being validated if the hidden service uses HiddenServiceAuthorizeClient.
分享
