annotate mod_s2s_blackwhitelist.wiki @ 399:c35cf2a46b78

mod_s2s_auth_fingerprint: Describe cert pinning mode
author Kim Alvefur <zash@zash.se>
date Fri, 16 Aug 2013 00:23:17 +0200
parents c929df198f10
children 528721aaea46
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
144
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
1 #summary Module for setting blacklist and whitelist on new server to server connections
373
c929df198f10 Mark pages of modules no longer in the repo as Deprecated
Kim Alvefur <zash@zash.se>
parents: 356
diff changeset
2 #labels Deprecated
144
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
3
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
4 = Introduction =
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
5
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
6 This module adds the functionality of blacklist and whitelist for new server to server connections (federation).
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
7
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
8
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
9 = Details =
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
10
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
11 If the configuration is changed then you can use console to issue "config:reload()" and this plugin will automatically reload the black/whitelists.
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
12
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
13 You can either choose whitelist or blacklist functionality (both can't co-exist).
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
14
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
15 Note: If a host with existing connections is blacklisted then this module will not tear down existing connection since that was created when the connection agreement was valid. You will need to use "s2s:close" command on console to manually close those connections.
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
16
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
17 = Configuration =
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
18
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
19 First define whether you need blacklist or whitelist,
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
20
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
21 {{{
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
22 s2s_enable_blackwhitelist = "whitelist" -- enable whitelist. use blacklist to use blacklists
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
23 }}}
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
24
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
25 Now create populate an array of domains in those lists
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
26
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
27 For whitelist,
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
28
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
29 {{{
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
30 s2s_whitelist = { "abc.net", "gmail.com", "xyz.net" }
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
31 }}}
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
32
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
33 For blacklist,
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
34
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
35 {{{
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
36 s2s_blacklist = { "gmail.com", "xyz.com" }
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
37 }}}
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
38
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
39 You can change configuration at runtime but need to use console plugin to reload configuration via "config:reload" command.
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
40
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
41 = Compatibility =
9afa02b561fa Created wiki page through web user interface.
gauravsri@gmail.com
parents:
diff changeset
42
356
85a5bc45b8b9 Doesn't work with 0.9
MWild1@gmail.com
parents: 144
diff changeset
43 || 0.9 || Doesn't work ||
85a5bc45b8b9 Doesn't work with 0.9
MWild1@gmail.com
parents: 144
diff changeset
44 || 0.8 || Unknown ||
373
c929df198f10 Mark pages of modules no longer in the repo as Deprecated
Kim Alvefur <zash@zash.se>
parents: 356
diff changeset
45 || 0.7 || tested to work with dialbacks ||