Visitor's IP is 127.0.0.1

Hello,
I discovered that in the apache log files the visitor is always logged as 127.0.0.1 if they visit the site over the configured hidden service . This can be problematic since fail2ban is intended be used for some services. Is this the intended behavior or should the remote address be forwarded somehow? The torrc file:

SocksPort [::]:9050
SocksPort 0.0.0.0:9050
ControlPort 9051
ORPort 9001
ORPort [::]:9001
BridgeRelay 1
ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
ExitPolicy reject *:*
ExitPolicy reject6 *:*
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 127.0.0.1:9040
TransPort [::1]:9040
DNSPort 127.0.0.1:9053
DNSPort [::1]:9053
HiddenServiceDir /var/lib/tor-instances/plinth/hidden_service
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443

An example line of log from Roundcube:

[30-May-2022 21:53:25 +0000]: <n37rhbnr> IMAP Error: Login failed for admin against localhost from 127.0.0.1. AUTHENTICATE PLAIN: Authentication failed. in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /roundcube/?_task=login&_action=login

The whole point of the Tor network is to hide the IP addresses of users (clients) and servers (onion services).

Your server doesn’t know who is connecting to it. And the client also doesn’t know where he is connecting to. That is how it’s supposed to be and the reason why people use the Tor network.

3 Likes

This topic was automatically closed 2 hours after the last reply. New replies are no longer allowed.