Mercurial > prosody-wiki
annotate mod_host_guard.wiki @ 280:22f6a2a998cf
Made it clearer?
| author | maranda3985@gmail.com |
|---|---|
| date | Sat, 26 May 2012 20:52:16 +0000 |
| parents | 012884e6ba5d |
| children | a0d014edd8df |
| rev | line source |
|---|---|
| 240 | 1 #summary Granular remote host blacklisting plugin |
| 2 #labels Stage-Stable | |
| 3 | |
| 4 = Details = | |
| 5 | |
|
247
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
6 As often it's undesiderable to employ only whitelisting logics in public environments, this module let's you more selectively |
|
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
7 restrict access to your hosts (component or server host) either disallowing access completely (with optional exceptions) or |
|
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
8 blacklisting certain sources. |
| 240 | 9 |
| 10 = Usage = | |
| 11 | |
| 12 Copy the plugin into your prosody's modules directory. | |
| 13 And add it between your enabled modules into the global section (modules_enabled): | |
| 14 | |
|
247
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
15 * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components) |
| 240 | 16 * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting) |
| 17 | |
|
247
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
18 Module configuration syntax: |
| 280 | 19 <code language="lua"> |
| 20 host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to. | |
| 21 host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- exceptions for the above. | |
| 22 host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting. | |
| 23 host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- blacklisted remote hosts. | |
| 24 </code> | |
| 240 | 25 |
|
247
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
26 The above is updated when the server configuration is reloaded so that you don't need to restart the server. |
|
012884e6ba5d
edited wiki to reflect changes.
Marco Cirillo <maranda@lightwitch.org>
parents:
240
diff
changeset
|
27 |
| 240 | 28 = Compatibility = |
| 29 | |
| 280 | 30 * Works with 0.8.x, successive versions and trunk. |