​

Operations: Loopback Policy Violations

​

What Violates Policy

• binding ClawControl to non-loopback interfaces
• attempting to expose via tailscale serve
• reverse proxy/public tunnel exposure

​

Detection

• 403 response from proxy host guard for non-loopback host headers
• startup guard failure from local-only script
• listener checks showing 0.0.0.0 instead of loopback

​

Verification Commands

lsof -nP -iTCP:3000 -sTCP:LISTEN
lsof -nP -iTCP:18789 -sTCP:LISTEN

​

Required Remediation

1. remove non-loopback host env overrides
2. stop unsupported exposure tooling
3. restart ClawControl in local-only mode
4. use SSH tunnel workflow for remote operations

​

Last updated

​

Related pages

• Security: Local-only Enforcement
• Security: Forbidden Exposure Paths
• Remote Tunnel-only Workflow