Mercurial > prosody-wiki
comparison mod_host_guard.wiki @ 282:caffa894b070
Add table of config options with descriptions
| author | MWild1@gmail.com |
|---|---|
| date | Sat, 26 May 2012 21:13:49 +0000 |
| parents | a0d014edd8df |
| children | 528721aaea46 |
comparison
equal
deleted
inserted
replaced
| 281:a0d014edd8df | 282:caffa894b070 |
|---|---|
| 13 And add it between your enabled modules into the global section (modules_enabled): | 13 And add it between your enabled modules into the global section (modules_enabled): |
| 14 | 14 |
| 15 * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components) | 15 * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components) |
| 16 * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting) | 16 * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting) |
| 17 | 17 |
| 18 Module configuration syntax: | 18 = Configuration = |
| 19 | |
| 20 || *Option name* || *Description* || | |
| 21 || host_guard_blockall || A list of local hosts to protect from incoming s2s || | |
| 22 || host_guard_blockall_exceptions || A list of remote hosts that are always allowed to access hosts listed in host_guard_blockall || | |
| 23 || host_guard_selective || A list of local hosts to allow selective filtering (blacklist) of incoming s2s connections || | |
| 24 || host_guard_blacklist || A blacklist of remote hosts that are not allowed to access hosts listed in host_guard_selective || | |
| 25 | |
| 26 == Example == | |
| 19 <code language="lua"> | 27 <code language="lua"> |
| 20 host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to. | 28 host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to. |
| 21 host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- optional exceptions for the above. | 29 host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- optional exceptions for the above. |
| 22 host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting. | 30 host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting. |
| 23 host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- above option/mode mandates the use of a blacklist, you may blacklist remote servers here. | 31 host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- above option/mode mandates the use of a blacklist, you may blacklist remote servers here. |