view mod_host_guard.wiki @ 273:0541b8aba1f8

Noted that webadmin_http_ports supports the same advanced config as mod_bosh (thanks Ge0rG)
author MWild1@gmail.com
date Thu, 12 Apr 2012 11:29:09 +0000
parents 012884e6ba5d
children 22f6a2a998cf
line wrap: on
line source

#summary Granular remote host blacklisting plugin
#labels Stage-Stable

= Details =

As often it's undesiderable to employ only whitelisting logics in public environments, this module let's you more selectively
restrict access to your hosts (component or server host) either disallowing access completely (with optional exceptions) or 
blacklisting certain sources.

= Usage =

Copy the plugin into your prosody's modules directory.
And add it between your enabled modules into the global section (modules_enabled):

 * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components)
 * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting)

Module configuration syntax:
{{{
host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" }
host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" }
host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" }
host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" }
}}}

The above is updated when the server configuration is reloaded so that you don't need to restart the server.

= Compatibility =

 * Works with 0.8.x, successive versions and trunk.