annotate mod_isolate_host.wiki @ 378:3f73ea0fef1c

mod_s2s_auth_dnssec_srv: Google code wiki blah can't have links spanning multiple lines? Pfft!
author Kim Alvefur <zash@zash.se>
date Sat, 29 Jun 2013 22:36:20 +0200
parents 9993b7c47dd0
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
359
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
1 #summary Prevent communication between hosts
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
2 #labels Stage-Beta
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
3
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
4 = Introduction =
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
5
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
6 In some environments it is desirable to isolate one or more hosts, and prevent communication with external, or even other internal domains.
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
7
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
8 Loading mod_isolate_host on a host will prevent all communication with JIDs outside of the current domain, though it is possible to configure exceptions.
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
9
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
10 *Note:* if you just want to prevent communication with external domains, this is possible without a plugin. See [http://prosody.im/doc/s2s#disabling Prosody: Disabling s2s] for more information.
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
11
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
12 This module was sponsored by [http://exa-networks.co.uk/ Exa Networks].
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
13
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
14 = Configuration =
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
15
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
16 To isolate all hosts by default, add the module to your global modules_enabled:
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
17
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
18 {{{
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
19 modules_enabled = {
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
20 ...
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
21 "isolate_host";
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
22 ...
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
23 }
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
24 }}}
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
25
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
26 Alternatively you can isolate a single host by putting a modules_enabled line under the VirtualHost directive:
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
27
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
28 {{{
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
29 VirtualHost "example.com"
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
30 modules_enabled = { "isolate_host" }
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
31 }}}
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
32
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
33 After enabling the module, you can add further options to add exceptions for the isolation:
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
34
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
35 || *Option* || *Description* ||
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
36 || isolate_except_domains || A list of domains to allow communication with. ||
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
37 || isolate_except_users || A list of user JIDs allowed to bypass the isolation and communicate with other domains. ||
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
38
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
39 *Note:* Admins of hosts are always allowed to communicate with other domains
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
40
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
41 = Compatibility =
9993b7c47dd0 Created wiki page through web user interface.
MWild1@gmail.com
parents:
diff changeset
42 || 0.9 || Works ||