From a69714bce8fe58151dea51711f62d221fdcabe3a Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sat, 11 Jan 2020 12:56:20 +0100
Subject: [PATCH] Enable hidden service intro DoS defense
---
 etc/tor/torrc | 3 +++
 var/www/common.php | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/etc/tor/torrc b/etc/tor/torrc
index 12835ae..1b31972 100644
--- a/etc/tor/torrc
+++ b/etc/tor/torrc
@@ -60,6 +60,9 @@ HiddenServicePort 5049
 HiddenServicePort 5050
 HiddenServiceVersion 3
 HiddenServiceNumIntroductionPoints 5
+HiddenServiceEnableIntroDoSDefense 1
+HiddenServiceEnableIntroDoSRatePerSec 10
+HiddenServiceEnableIntroDoSBurstPerSec 100
 ClientUseIPv6 1
 ClientUseIPv4 1
diff --git a/var/www/common.php b/var/www/common.php
index c68d24b..04324ed 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -384,8 +384,14 @@ HiddenServiceNumIntroductionPoints $tmp[num_intros]
 HiddenServiceVersion $tmp[version]
 HiddenServiceMaxStreamsCloseCircuit 1
 HiddenServiceMaxStreams $tmp[max_streams]
-HiddenServicePort 80 unix:/var/run/nginx/$socket
 ";
+ if($tmp['version']=='3'){
+ $torrc.="HiddenServiceEnableIntroDoSDefense 1
+HiddenServiceEnableIntroDoSRatePerSec 10
+HiddenServiceEnableIntroDoSBurstPerSec 100
+";
+ }
+ $torrc.="HiddenServicePort 80 unix:/var/run/nginx/$socket\n";
 if($tmp['enable_smtp']){
 $torrc.="HiddenServicePort 25\n";
 }
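Review bot: The three added `HiddenServiceEnableIntroDoS*` lines carry no comment on the Tor release they depend on or on why 10/100 was chosen, and the same applies to the identical values in the var/www/common.php hunk. As far as I know these options exist only from the Tor 0.4.2 series on, and a tor that meets an unknown option rejects the whole configuration, so a host still on an older package would lose its onion services at the next restart or reload. The limits are enforced by the introduction points, so they only help where the chosen intro points support the extension, and 10 per second with a burst of 100 is tighter than Tor's defaults of 25 and 200, which can drop legitimate introductions on a busy service. I would add above them `# Intro-point rate limit (v3 only, needs tor >= 0.4.2); tighter than the 25/200 defaults, raise if real clients are dropped`.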
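Review bot: The rate and burst limits are written as literals inside the string in the new `if($tmp['version']=='3')` branch, while the neighbouring settings (`$tmp[num_intros]`, `$tmp[max_streams]`) are per-service values, so every hosted v3 service gets 10/100 and a busy one cannot be tuned without editing code. Pulling them into two named constants, e.g. `const INTRO_DOS_RATE=10;` and `const INTRO_DOS_BURST=100;`, and concatenating those into the string would also make it obvious that they have to stay in step with etc/tor/torrc. The comparison could be strict (`==='3'`) if `version` is always read as a string; that cannot be confirmed from here because the enclosing function and the origin of `$tmp` lie outside the hunk. For the same reason it is worth checking that `$socket` and the `$tmp[...]` values are validated to contain no line breaks before they are written into this file, since a newline in any of them would add directives to the generated torrc.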