mod_firewall Prosody

Information

Cette fonctionnalité arrive avec le plugin livechat version 11.0.0.

Vous pouvez activer mod_firewall sur votre serveur Prosody.

Ainsi, les administrateurs de Peertube pourront définir des règles avancées de pare-feu.

Avertissement

These rules could be used to run arbitrary code on the server. If you are a hosting provider, and you don’t want to allow Peertube admins to write such rules, you can disable the online editing by creating a disable_mod_firewall_editing file in the plugin directory (plugins/data/peertube-plugin-livechat/disable_mod_firewall_editing). This is opt-out, as Peertube admins can already run arbitrary code just by installing any plugin. You can still use mod_firewall by editing files directly on the server.

Edit rules

First, you must enable the feature in the plugin settings.

Juste en dessous des paramètres, vous trouverez un bouton « Configurer mod_firewall ». Ce bouton ouvrira une page de configuration.

$Screenshot of the “Configuration de mod_firewall pour Prosody”\nform.$ $Screenshot of the “Configuration de mod_firewall pour Prosody”\nform.$

Here you can add several configuration files.

Vous pouvez activer/désactiver chaque fichier.

Les fichiers sont chargés dans l’ordre alphabétique. Vous pouvez utiliser des préfixes numériques pour facilement en définir l’ordre.

Information

You can also edit these firewall rules directly on the server, in the plugins/data/peertube-plugin-livechat/prosody/mod_firewall_config/ directory. File names must only contains alphanumerical characters, underscores and hyphens. The extension must be .pfw, or .pfw.disabled if you want to disable a file. Please be sure that the peertube system user has write access to these files, else the web editing interface will fail. Once you have edited these files, you must reload prosody. This can be done by saving the plugin settings, or saving the mod_firewall configuration in the web interface, or by restarting Peertube.

When you save the configuration, the server will automatically reload it, and your rules will apply immediatly. You can check that there is no parsing error in the Prosody error log. To do so, you can read the plugins/data/peertube-plugin-livechat/prosody/prosody.err file, or use the diagnostic tool that will show last Prosody errors.

Examples

Don’t hesitate to share your rules. To do so, you can for example edit this page.