Mercurial > prosody-modules
diff mod_host_guard/README.wiki @ 1782:29f3d6b7ad16
Import wiki pages
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 24 Aug 2015 16:43:56 +0200 |
parents | |
children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_host_guard/README.wiki Mon Aug 24 16:43:56 2015 +0200 @@ -0,0 +1,38 @@ +#summary Granular remote host blacklisting plugin +#labels Stage-Stable + += Details = + +As often it's undesiderable to employ only whitelisting logics in public environments, this module let's you more selectively +restrict access to your hosts (component or server host) either disallowing access completely (with optional exceptions) or +blacklisting certain sources. + += Usage = + +Copy the plugin into your prosody's modules directory. +And add it between your enabled modules into the global section (modules_enabled): + + * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components) + * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting) + += Configuration = + +|| *Option name* || *Description* || +|| host_guard_blockall || A list of local hosts to protect from incoming s2s || +|| host_guard_blockall_exceptions || A list of remote hosts that are always allowed to access hosts listed in host_guard_blockall || +|| host_guard_selective || A list of local hosts to allow selective filtering (blacklist) of incoming s2s connections || +|| host_guard_blacklist || A blacklist of remote hosts that are not allowed to access hosts listed in host_guard_selective || + +== Example == +<code language="lua"> +host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to. +host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- optional exceptions for the above. +host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting. +host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- above option/mode mandates the use of a blacklist, you may blacklist remote servers here. +</code> + +The above is updated when the server configuration is reloaded so that you don't need to restart the server. + += Compatibility = + + * Works with 0.8.x, successive versions and trunk. \ No newline at end of file