Mercurial > prosody-modules

view mod_isolate_host/README.markdown @ 5516:f25df3af02c1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_client_management: Include client software version number in listing Should you ever wish to revoke a client by version number, e.g. for security reasons affecting certain versions, then it would be good to at the very least see which version is used. Also includes the OAuth2 software ID, an optional unique identifier that should be the same for all installations of a particular software.
author Kim Alvefur <zash@zash.se>
date Sat, 03 Jun 2023 19:21:39 +0200
parents 8de50be756e5
children
line wrap: on
line source

---
labels:
- 'Stage-Beta'
summary: Prevent communication between hosts
...

Introduction
============

In some environments it is desirable to isolate one or more hosts, and
prevent communication with external, or even other internal domains.

Loading mod\_isolate\_host on a host will prevent all communication with
JIDs outside of the current domain, though it is possible to configure
exceptions.

**Note:** if you just want to prevent communication with external
domains, this is possible without a plugin. See [Prosody: Disabling
s2s](http://prosody.im/doc/s2s#disabling) for more information.

This module was sponsored by [Exa Networks](http://exa-networks.co.uk/).

Configuration
=============

To isolate all hosts by default, add the module to your global
modules\_enabled:

``` {.lua}
modules_enabled = {
  ...
    "isolate_host";
  ...
}
```

Alternatively you can isolate a single host by putting a
modules\_enabled line under the VirtualHost directive:

``` {.lua}
VirtualHost "example.com"
modules_enabled = { "isolate_host" }
```

After enabling the module, you can add further options to add exceptions
for the isolation:

  Option                     Description
  -------------------------- -----------------------------------------------------------------------------------------
  isolate\_except\_domains   A list of domains to allow communication with.
  isolate\_except\_users     A list of user JIDs allowed to bypass the isolation and communicate with other domains.

**Note:** Admins of hosts are always allowed to communicate with other
domains

Compatibility
=============

  ----- -------
  0.9   Works
  ----- -------