view mod_isolate_host/README.markdown @ 5209:942f8a2f722d

mod_http_oauth2: Allow non-HTTPS on localhost URLs This is the recommended behaviour (draft-ietf-oauth-v2-1-07 section 7.5.1).
author Matthew Wild <mwild1@gmail.com>
date Mon, 06 Mar 2023 10:29:14 +0000
parents 8de50be756e5
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: Prevent communication between hosts
...

Introduction
============

In some environments it is desirable to isolate one or more hosts, and
prevent communication with external, or even other internal domains.

Loading mod\_isolate\_host on a host will prevent all communication with
JIDs outside of the current domain, though it is possible to configure
exceptions.

**Note:** if you just want to prevent communication with external
domains, this is possible without a plugin. See [Prosody: Disabling
s2s](http://prosody.im/doc/s2s#disabling) for more information.

This module was sponsored by [Exa Networks](http://exa-networks.co.uk/).

Configuration
=============

To isolate all hosts by default, add the module to your global
modules\_enabled:

``` {.lua}
modules_enabled = {
  ...
    "isolate_host";
  ...
}
```

Alternatively you can isolate a single host by putting a
modules\_enabled line under the VirtualHost directive:

``` {.lua}
VirtualHost "example.com"
modules_enabled = { "isolate_host" }
```

After enabling the module, you can add further options to add exceptions
for the isolation:

  Option                     Description
  -------------------------- -----------------------------------------------------------------------------------------
  isolate\_except\_domains   A list of domains to allow communication with.
  isolate\_except\_users     A list of user JIDs allowed to bypass the isolation and communicate with other domains.

**Note:** Admins of hosts are always allowed to communicate with other
domains

Compatibility
=============

  ----- -------
  0.9   Works
  ----- -------