When a webserver runs behind a hidden service, can it serve multiple HTTP requests at the same time, or will it only be able to handle one request at a time?
Asked
Active
Viewed 287 times
2 Answers
4
Webservers generally accept many simultaneous connections, and process many requests simultaneously. As Peter Palfrader aka weasel notes in his answer, the Tor hidden service protocol can also handle multiple simultaneous connections.
Users see the webserver's public hostname, and connect via Tor circuits. The webserver sees users coming from virtual ports on the Tor gateway. But they're all routed through one reverse proxy, so there is a throughput bottleneck.
[This space is available for someone who can explain workarounds.]
Make sure that your server is well secured. If you need remote ssh and sftp, disable password-based login and and root login, and allow only id_rsa.pub-based login by user. Also, stick to static html unless you know php and mysql well. Vulnerabilities in php and mysql are the major holes when remote login is secured.
If you're just learning, it may be best to start with thttpd. It's a very simple and secure (with small attack surface) webserver. And it also "has one extremely useful feature (URL-traffic-based throttling) that no other server currently has".
mirimir
- 3,017
- 1
- 19
- 29
2
A hidden service can handle multiple connections at a time. Thus, your webserver should be able to handle multiple requests at a time.
weasel - Peter Palfrader
- 5,158
- 1
- 24
- 39