From b290ee1aa04f2f5f4b7b418b6a78df924b197c6a Mon Sep 17 00:00:00 2001
From: acetone <acetone@disroot.org>
Date: Tue, 17 Jan 2023 09:00:11 +0300
Subject: [PATCH] Cfg example: verbose comments for Web Console auth and
 addresshelper for public proxy

---
 contrib/i2pd.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/i2pd.conf b/contrib/i2pd.conf
index c65d2bee..c8baa046 100644
--- a/contrib/i2pd.conf
+++ b/contrib/i2pd.conf
@@ -122,6 +122,8 @@ port = 7070
 ## Path to web console, default "/"
 # webroot = /
 ## Uncomment following lines to enable Web Console authentication
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
 # auth = true
 # user = i2pd
 # pass = changeme
@@ -139,6 +141,8 @@ port = 4444
 ## Optional keys file for proxy local destination
 # keys = http-proxy-keys.dat
 ## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
 # addresshelper = true
 ## Address of a proxy server inside I2P, which is used to visit regular Internet
 # outproxy = http://false.i2p