Mercurial > prosody-modules
view mod_restrict_federation/README.md @ 6562:5da6fb562df9 default tip
mod_unified_push: Fix push error handling (fixes #2000)
Use the error object that send_iq() passes
as an argument to it's reject callback instead of attempting
and failing to do the parsing in the callback itself.
| author | kmq |
|---|---|
| date | Mon, 06 Jul 2026 14:23:57 +0200 |
| parents | ba2c344e1bdd |
| children |
line wrap: on
line source
--- labels: - 'Stage-Beta' summary: Restrict federation for some user roles ... Introduction ============ This module allows you to control which user roles have permission to communicate with remote servers. Details ======= There are quite a few modules that have similar functionality. The properties of this one are: - Uses the new [permissions and roles](https://prosody.im/doc/roles) feature introduced in Prosody 13.0 - Blocks both incoming and outgoing traffic - Permits server-originated traffic (such as push notifications) - Permits traffic between hosts on the same server Configuration ============= Simply load the module as usual: ``` {.lua} modules_enabled = { ... "restrict_federation"; ... } ``` Any user without the `xmpp:federate` permission will be unable to communicate with remote domains. By default this module does not grant this permission to any role, meaning all users will be restricted. To grant permission to certain roles, you can use the `add_permission` configuration option (assuming you are using Prosody's [default authorization module](https://prosody.im/doc/modules/mod_authz_internal)): ``` {.lua} -- Allow registered users to federate (i.e. this excludes prosody:guest) -- As prosody:admin inherits all permissions from this role too, admins will -- also be able to communicate with other servers. add_permissions = { ["prosody:registered"] = { "xmpp:federate"; }; } ``` Compatibility ============= ----- ------- 13.0 Works ----- -------
