Mercurial > prosody-modules
comparison mod_host_guard/README.wiki @ 1782:29f3d6b7ad16
Import wiki pages
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 24 Aug 2015 16:43:56 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1781:12ac88940fe3 | 1782:29f3d6b7ad16 |
|---|---|
| 1 #summary Granular remote host blacklisting plugin | |
| 2 #labels Stage-Stable | |
| 3 | |
| 4 = Details = | |
| 5 | |
| 6 As often it's undesiderable to employ only whitelisting logics in public environments, this module let's you more selectively | |
| 7 restrict access to your hosts (component or server host) either disallowing access completely (with optional exceptions) or | |
| 8 blacklisting certain sources. | |
| 9 | |
| 10 = Usage = | |
| 11 | |
| 12 Copy the plugin into your prosody's modules directory. | |
| 13 And add it between your enabled modules into the global section (modules_enabled): | |
| 14 | |
| 15 * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components) | |
| 16 * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting) | |
| 17 | |
| 18 = Configuration = | |
| 19 | |
| 20 || *Option name* || *Description* || | |
| 21 || host_guard_blockall || A list of local hosts to protect from incoming s2s || | |
| 22 || host_guard_blockall_exceptions || A list of remote hosts that are always allowed to access hosts listed in host_guard_blockall || | |
| 23 || host_guard_selective || A list of local hosts to allow selective filtering (blacklist) of incoming s2s connections || | |
| 24 || host_guard_blacklist || A blacklist of remote hosts that are not allowed to access hosts listed in host_guard_selective || | |
| 25 | |
| 26 == Example == | |
| 27 <code language="lua"> | |
| 28 host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to. | |
| 29 host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- optional exceptions for the above. | |
| 30 host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting. | |
| 31 host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- above option/mode mandates the use of a blacklist, you may blacklist remote servers here. | |
| 32 </code> | |
| 33 | |
| 34 The above is updated when the server configuration is reloaded so that you don't need to restart the server. | |
| 35 | |
| 36 = Compatibility = | |
| 37 | |
| 38 * Works with 0.8.x, successive versions and trunk. |