Reputation: 31
I am setting up an ejabberd server for a community. I would like to allow only certain types of clients to connect.
I wonder if it's possible to implement whitelist/blacklist filters based on connecting User-Agent.
Thanks.
Upvotes: 1
Views: 305
Reputation: 4120
> filters based on connecting User-Agent.
In XMPP there is no User-Agent. An XMPP client does not identify its program name and version immediately.
The closest thing in XMPP is XEP-0092: Software Version, but there is no module in ejabberd to enforce it. And anyway, that XEP is available AFTER the client has connected and logged in.
It's used by mod_statsdx to query clients about their software and show statistics, but not for enforcing or filtering.
> I would like to allow only certain types of clients to connect.

Another idea, in case this is enough for you: there are several ways that an XMPP client can connect to ejabberd:
See https://docs.ejabberd.im/admin/configuration/listen/
So, depending on what clients you want to allow, you can enable only the required listeners.
Also, you can configure ejabberd to listen on a non-standard port. For example, instead of 5222, use 5111. Then tell your users to configure their client accordingly.
Similarly, if they use BOSH or WebSocket, you can set it up on a non-standard path, like /booosh or /wwws, and tell your users to set up their clients accordingly.
As you can see in ACL Definition, the only ways to filter connections are by username, server, resource, and IP address. Umm, you can filter by resources, and tell your users to configure their client to provide a valid resource.
Another idea, if you provide the client to your users, is to break the protocol both in ejabberd and your client, so that only that specific client can connect.
Notice that you can configure ejabberd 21.12 to host the Conversations web client, and restrict everything else so your users can only use that client.
Upvotes: 1
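The listener, path and resource ideas from the answer above, combined in one ejabberd.yml fragment. This is an added example, not part of the original answer; port 5443 and the resource name `community-app` are assumed values, and TLS certificates are assumed to be configured elsewhere in the file.

```yaml
# Fragment of ejabberd.yml (added example, values are illustrative).
# Only the listeners below are enabled; anything not listed is not reachable.
listen:
  -
    # Native XMPP on the non-standard port 5111 instead of 5222.
    port: 5111
    ip: "::"
    module: ejabberd_c2s
    starttls_required: true
    access: c2s
  -
    # HTTPS listener carrying BOSH and WebSocket on non-standard paths.
    # Port 5443 is an assumption; the paths are the ones from the answer.
    port: 5443
    ip: "::"
    module: ejabberd_http
    tls: true
    request_handlers:
      /booosh: mod_bosh
      /wwws: ejabberd_http_ws

acl:
  # "community-app" is a hypothetical resource string that users are told
  # to configure in their client.
  approved_resource:
    resource: "community-app"

access_rules:
  # Sessions whose resource matches are allowed; with no other rule
  # matching, the access check falls through to deny.
  c2s:
    allow: approved_resource

modules:
  # Needed for the /booosh request handler above.
  mod_bosh: {}

# Port, path and resource are all values the client chooses, so any client
# given the same settings passes these checks. They narrow what connects by
# convention and do not identify the client software.
```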