mod_host_guard/README.wiki
changeset 1786 29f3d6b7ad16
1785:12ac88940fe3 1786:29f3d6b7ad16
       
     1 #summary Granular remote host blacklisting plugin
       
     2 #labels Stage-Stable
       
     3 
       
     4 = Details =
       
     5 
       
     6 As often it's undesiderable to employ only whitelisting logics in public environments, this module let's you more selectively
       
     7 restrict access to your hosts (component or server host) either disallowing access completely (with optional exceptions) or
       
     8 blacklisting certain sources.
       
     9 
       
    10 = Usage =
       
    11 
       
    12 Copy the plugin into your prosody's modules directory.
       
    13 And add it between your enabled modules into the global section (modules_enabled):
       
    14 
       
    15  * The plugin can work either by blocking all remote access (s2s) to a certain resource with optional exceptions (useful for components)
       
    16  * Or by selectively blocking certain remote hosts through blacklisting (by using host_guard_selective and host_guard_blacklisting)
       
    17 
       
    18 = Configuration =
       
    19 
       
    20 || *Option name* || *Description* ||
       
    21 || host_guard_blockall || A list of local hosts to protect from incoming s2s ||
       
    22 || host_guard_blockall_exceptions || A list of remote hosts that are always allowed to access hosts listed in host_guard_blockall ||
       
    23 || host_guard_selective || A list of local hosts to allow selective filtering (blacklist) of incoming s2s connections ||
       
    24 || host_guard_blacklist || A blacklist of remote hosts that are not allowed to access hosts listed in host_guard_selective ||
       
    25 
       
    26 == Example ==
       
    27 <code language="lua">
       
    28 host_guard_blockall = { "no_access.yourhost.com", "no_access2.yourhost.com" } -- insert here the local hosts where you want to forbid all remote traffic to.
       
    29 host_guard_blockall_exceptions = { "i_can_access.no_access.yourhost.com" } -- optional exceptions for the above.
       
    30 host_guard_selective = { "no_access_from_blsted.myhost.com", "no_access_from_blsted.mycomponent.com" } -- insert here the local hosts where you want to employ blacklisting.
       
    31 host_guard_blacklist = { "remoterogueserver.com", "remoterogueserver2.com" } -- above option/mode mandates the use of a blacklist, you may blacklist remote servers here.
       
    32 </code>
       
    33 
       
    34 The above is updated when the server configuration is reloaded so that you don't need to restart the server.
       
    35 
       
    36 = Compatibility =
       
    37 
       
    38  * Works with 0.8.x, successive versions and trunk.
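Review bot: the option name in the Usage bullet on line 16, host_guard_blacklisting, does not match the Configuration table (line 24) or the example (line 31), which both use host_guard_blacklist. An admin copying the name from line 16 would set a key the rest of the README never documents, so line 16 should read "host_guard_selective and host_guard_blacklist". Line 13 also ends in a colon after "(modules_enabled)" with no snippet following it; either show the modules_enabled entry there or end the sentence with a period. The README does not say how remote hosts are matched against host_guard_blockall_exceptions and host_guard_blacklist (exact domain only, or subdomains too). Since this is an access-control list, one sentence on that in the Configuration section would help. Minor wording on line 6: "undesiderable" should be "undesirable" and "let's" should be "lets".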