Software `/` code `/` prosody

Comparison

CHANGES @ 12187:94253e02d47d

mod_http: Limit unencrypted http port (5280) to loopback by default Since accessing this port directly over the wider Internet is unlikely to intentional anymore. Most uses will likely be by reverse proxies, by mistake or because of trouble configuring HTTPS. Blocking mistaken uses is just a good thing, letting users send potentially private things unencrypted tends to be Strongly Discouraged these days. Many reverse proxy setups operate over loopback, so listening there instead of all interfaces is a net improvement. Improved automatic certificate location and SNI support has mostly eliminated the need for manual certificate configuration so HTTPS should Just Work once certificates have been provided. For local testing during development, connecting over loopback is likely fine as well. When really needed, `http_interfaces` can still be set. Suggested by Link Mauve

author	Kim Alvefur <zash@zash.se>
date	Sat, 15 Jan 2022 15:13:41 +0100
parent	12148:b63bb2c4b6d9
child	12206:77ac0d96ac24

comparison

equal deleted inserted replaced

-:7f25ac9d8f0d
+:94253e02d47d
 -   Direct TLS support (c2s and incoming s2s)
 -   SCRAM-SHA-256
 -   Direct TLS (including https) certificates updated on reload
 -   Pluggable authorization providers (mod_authz_)
 -   Easy use of Mozilla TLS recommendations presets
+-   Unencrypted HTTP port (5280) restricted to loopback by default
 ### HTTP
 -   CORS handling now provided by mod_http
 -   Built-in HTTP server now handles HEAD requests

prosody

94253e02d47d

CHANGES

Software / code / prosody

Comparison

CHANGES @ 12187:94253e02d47d

Software `/` code `/` prosody