prosody
94253e02d47d
plugins/mod_http.lua
Software / code / prosody
Comparison
plugins/mod_http.lua @ 12187:94253e02d47d
mod_http: Limit unencrypted http port (5280) to loopback by default
Since accessing this port directly over the wider Internet is unlikely
to intentional anymore. Most uses will likely be by reverse proxies, by
mistake or because of trouble configuring HTTPS.
Blocking mistaken uses is just a good thing, letting users send
potentially private things unencrypted tends to be Strongly Discouraged
these days.
Many reverse proxy setups operate over loopback, so listening there
instead of all interfaces is a net improvement.
Improved automatic certificate location and SNI support has mostly
eliminated the need for manual certificate configuration so HTTPS should
Just Work once certificates have been provided.
For local testing during development, connecting over loopback is likely
fine as well. When really needed, `http_interfaces` can still be set.
Suggested by Link Mauve
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 15 Jan 2022 15:13:41 +0100 |
| parent | 12113:86e6f0810956 |
| child | 12191:8b57362f1176 |
comparison
equal
deleted
inserted
replaced
| 12186:7f25ac9d8f0d | 12187:94253e02d47d |
|---|---|
| 302 end); | 302 end); |
| 303 | 303 |
| 304 module:provides("net", { | 304 module:provides("net", { |
| 305 name = "http"; | 305 name = "http"; |
| 306 listener = server.listener; | 306 listener = server.listener; |
| 307 private = true; | |
| 307 default_port = 5280; | 308 default_port = 5280; |
| 308 multiplex = { | 309 multiplex = { |
| 309 pattern = "^[A-Z]"; | 310 pattern = "^[A-Z]"; |
| 310 }; | 311 }; |
| 311 }); | 312 }); |
