mod_host_guard/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 Aug 2015 18:03:58 +0200 |
| parent | 1782:mod_host_guard/README.wiki@29f3d6b7ad16 |
| 1802:0ab737feada6 | 1803:4d73a1a6ba68 |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Stable' | |
| 4 summary: Granular remote host blacklisting plugin | |
| 5 ... | |
| 6 | |
| 7 Details | |
| 8 ======= | |
| 9 | |
| 10 As often it's undesiderable to employ only whitelisting logics in public | |
| 11 environments, this module let's you more selectively restrict access to | |
| 12 your hosts (component or server host) either disallowing access | |
| 13 completely (with optional exceptions) or blacklisting certain sources. | |
| 14 | |
| 15 Usage | |
| 16 ===== | |
| 17 | |
| 18 Copy the plugin into your prosody's modules directory. And add it | |
| 19 between your enabled modules into the global section (modules\_enabled): | |
| 20 | |
| 21 - The plugin can work either by blocking all remote access (s2s) to a | |
| 22 certain resource with optional exceptions (useful for components) | |
| 23 - Or by selectively blocking certain remote hosts through blacklisting | |
| 24 (by using host\_guard\_selective and host\_guard\_blacklisting) | |
| 25 | |
| 26 Configuration | |
| 27 ============= | |
| 28 | |
| 29 Option name Description | |
| 30 ----------------------------------- --------------------------------------------------------------------------------------------------- | |
| 31 host\_guard\_blockall A list of local hosts to protect from incoming s2s | |
| 32 host\_guard\_blockall\_exceptions A list of remote hosts that are always allowed to access hosts listed in host\_guard\_blockall | |
| 33 host\_guard\_selective A list of local hosts to allow selective filtering (blacklist) of incoming s2s connections | |
| 34 host\_guard\_blacklist A blacklist of remote hosts that are not allowed to access hosts listed in host\_guard\_selective | |
| 35 | |
| 36 Example | |
| 37 ------- | |
| 38 | |
| 39 ``` {.lua} | |
| 40 | |
| 41 host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to. | |
| 42 host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- optional exceptions for the above. | |
| 43 host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting. | |
| 44 host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- above option/mode mandates the use of a blacklist, you may blacklist remote servers here. | |
| 45 ``` | |
| 46 | |
| 47 The above is updated when the server configuration is reloaded so that | |
| 48 you don't need to restart the server. | |
| 49 | |
| 50 Compatibility | |
| 51 ============= | |
| 52 | |
| 53 - Works with 0.8.x, successive versions and trunk. |
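
Review bot: line 24 names the option `host_guard_blacklisting`, while the configuration table (line 34) and the example (line 44) both use `host_guard_blacklist`. An operator who copies the name from the Usage section would set an option the README documents nowhere else, so line 24 should read `host_guard_blacklist`. Line 19 ends with a colon after "(modules\_enabled)" but no `modules_enabled` snippet follows; either add the entry or end the sentence with a period. The exception on line 42, `i_can_access.no_access.yourhost.com`, reads as a subdomain of the protected local host, although line 32 describes exceptions as remote hosts; a clearly remote example name would avoid confusion about which side of the s2s connection is meant. Since the text is being converted anyway, "undesiderable" (line 10) and "let's" (line 11) could be corrected to "undesirable" and "lets".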